Home Articles Baselining With Ruby

Baselining With Ruby

PDF Print E-mail

When you deploy a release you need to verify that the correct files were copied to the target directory as expected (often called a configuration audit). You also want to verify that unauthorized changes have not occurred (e.g. tampering with a release). I have used intrusion detection tools to protect my production baseline and verify that unauthorized changes did not occur. Another approach is to write cryptographic hashes on each configuration item and then check them to verify that the file has not been changed. This is known as creating an application baseline and here is how this works.

Step 1 is to create a file with a list of files to be verified. (We use the find command as shown). For our example, there are only three files as shown.

find /home/bob/public_html –type f > files.inp

 

cat myfoo.txt

1 | 800e4d29a80abfd0aebbc0fa400e1b0d84dc006e | /home/bob/public_html/robots.txt

2 | 727d15736fdc1bef578611063cd731e774138dbb | /home/bob/public_html/readme.txt

3 | 8633ac8ccfb376c592caf8541d3ebc4c45533648 | /home/bob/public_html/index.php

 

Next we run the script which calculates the SHA1 hash for the readme file listed above.

./mybaseline.rb

1 | 3f290e089b0aeb08e7e2dd5e3ea6e27947b61b15 | /bob/ruby/readme.txt

We will use the date command to make an “unauthorized” change to the readme.txt file and rerun the script to calculate the SHA1 hash. You now see that the hashes do not match which indicates that the readme file was changed.

[bob@myserver ruby]# date >> readme.txt

[bob@myserver ruby]# ./mybaseline.rb

1 | e04461d3822a9c69af132844cd59496ca17c2227 | /bob/ruby/readme.txt

 

 

Here is the code that reads each file and calculates the SHA1 hash.

[bob@myserver ruby]# cat ./mybaseline.rb

#!/usr/bin/ruby
#mybaseline.rb

require 'digest/md5'
require 'digest/sha1'

counter = 1

file = File.new("files.inp", "r")
while (myfilename = file.gets)
sha1_digest1 = Digest::SHA1.new()
Dir.chdir(File.dirname(myfilename))
myfilename = myfilename.chomp!
myfile = File.new(myfilename, 'r')
myfile.each_line do |line|
sha1_digest1 << line
end
puts "#{counter} | #{sha1_digest1.hexdigest} |#{myfilename}"
myfile.close
counter = counter + 1
end

 

The program begins by including the md5 and sha1 digests (allowing you to calculate either hash). We read through the list of files in files.inp (created by the find command as mentioned above). Then we read each file and calculate the SHA1 hash and finally print the filename, path and the SHA1 hash.

 

Part 2 of this article is Verify Baselines with Ruby


 



More articles by this author

Micro Focus Completes Acquisition of Serena Software, Inc. Application Lifecycle Management Acquisition Boosts Micro Focus’s DevOps Capability ROCKVILLE, Md., May 2, 2016 /PRNewswire/ -- Micro Focus (LSE: MCRO.L) today announced the completion of its acquisition of Serena Software, a leading provider of Application Lifecycle Management (ALM) software, under the terms of the definitive agreement disclosed on March 22, 2016. "Our customers continue to look at DevOps as a way to deploy critical applications and services quickly and with greater reliability to meet business demands," said Stephen Murdoch, CEO, Micro Focus. "The Serena acquisition extends our ability to help customers meet these challenges so they can drive greater innovation faster with lower risk." According to industry analyst firm Gartner, "DevOps implementations utilize technology, especially automation tools, that can leverage an increasingly programmable and dynamic infrastructure from a life cycle perspective."1  The experience and expertise which the Serena business brings will enable Micro Focus to help its customers develop and release applications and services faster, with greater speed and accuracy. Serena adds capabilities in software application development; software configuration and change management; and business process management to Micro Focus's portfolio of ALM solutions spanning mainframe environments, distributed systems and cloud. The combination of Micro Focus and Serena allows companies to better: Design and build business applications and services with greater accuracy, reliability and predictability; Continuously deploy existing core business applications on a wider variety of platforms to meet changing business needs; and Improve the speed and efficiency of new business services through automated release and deployment solutions. About Serena Software Serena is among the largest Application Lifecycle Management vendors with more than 2,500 enterprise customers. Serena helps the highly regulated large enterprise move fast without breaking things – increasing velocity of the software development lifecycle while enhancing security, compliance, and performance. More information is available at www.serena.com. About Micro Focus Micro Focus (LSE: MCRO.L) is a global enterprise software company helping customers innovate faster with lower risk. Our software helps customers build, operate and secure IT systems that bring together existing business logic and applications with emerging technologies to meet increasingly complex business demands. For more information, visit: www.microfocus.com. 1I&O Must Combine ITIL and DevOps to Deliver Business Value for Bimodal IT," by George Spafford and Ian Head, March 18, 2016.
Hi, I am excited to invite you to subscribe to our new online publication which provides guidance on Configuration Management Best Practices, Agile Application Lifecycle Management (including videos) and, of course DevOps. Our publication explains hands-on best practices required to implement just enough process to ensure that you can build software and systems that are reliable and secure. Based upon our new book, Agile Application Lifecycle Management - Using DevOps to Drive Process Improvement, the Agile ALM DevOps Journal seeks to promote a dialogue that is really needed in the industry today. We will discuss practical approaches to implementing the Agile ALM using DevOps best practices including continuous integration, delivery and deployment. We will also discuss process improvement strategies that work in large organizations that must comply with federal regulatory guidelines, along with smaller teams that may very well grow as they become successful. We are taking this journey together and our goal is to ensure that you have a voice and can share your experiences along with learning from other colleagues too. Enjoy Leslie Sachs's amazing column: Personality Matters and Bob Aiello's column: Behaviorally Speaking. We will also report on major incidents where organizations clearly need to improve on their ability to develop and deliver software effectively, including the recent Southwest systems glitches which resulted in thousands of flights being cancelled and thousands more being delayed. We will also bring you exciting technical product announcements such as jfrog's new xray, which helps to scan your runtime objects, including docker images, for vulnerabilities. This is an exciting time to be in the technology field. Join the revolution! You can submit your articles for publication to share your own knowledge and experience!  Subscribe to receive your copy and register so that you can comment online Bob Aiello http://www.linkedin.com/in/BobAiello @bobaiello, @agilealmdevops, @cmbestpractices This e-mail address is being protected from spambots. You need JavaScript enabled to view it  
 
Copyright © 2017 CM Best Practices. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.
 

Product News

Live Online Training

Jobs