Splunk Search

How to locate a specific SHA1SUM value on the entire Redhat file system via Splunk search?

abidewan
New Member

How to locate a specific SHA1SUM value on the entire Redhat file system via Splunk search?

0 Karma

jplumsdaine22
Influencer

You could possibly create a script that continuously crawls your entire filesystem and logs the following:

modtime filename sha1sum

Then you could index that log file and find the files you are after and the modtime at which they had that sha1sum.

But it's not possible to compare an arbitrary sha1sum to the current filesystem with Splunk. Although you could potentially create some kind of custom command.

0 Karma
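A crawler of the kind described in the answer above, as an added example that is not code from the thread or from Splunk. It assumes Python 3 on the host; the key=value field names `modtime`, `file` and `sha1` and the one-root-per-mount-point usage are choices made for this example.

```python
"""Crawl a tree and log 'modtime filename sha1sum' for every regular file."""
import hashlib
import json
import os
import stat
import sys
import time


def sha1_of(path, chunk_size=1 << 20):
    """SHA-1 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def on_device(path, dev):
    try:
        return os.lstat(path).st_dev == dev
    except OSError:  # directory vanished or is unreadable
        return False


def crawl(root):
    """Yield (mtime, path, sha1); like `find -xdev`, skips /proc, NFS, other mounts."""
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames[:] = [d for d in dirnames
                       if on_device(os.path.join(dirpath, d), root_dev)]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, devices
                    yield int(st.st_mtime), path, sha1_of(path)
            except OSError:
                continue  # unreadable or removed mid-scan


def format_event(mtime, path, sha1):
    """One line per file; field names are this example's choice, not Splunk's."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(mtime))
    return f"modtime={stamp} file={json.dumps(path)} sha1={sha1}"


if __name__ == "__main__":
    for record in crawl(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(format_event(*record))
```

The digests are written in lowercase hex, and paths are JSON-quoted so spaces or control characters in a filename cannot split an event. Once the output is indexed, searching for the hash value returns the matching files with the modtime recorded at scan time.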

jplumsdaine22
Influencer

Are you logging the SHA1SUMs to a file? Or do you want Splunk to calculate the SHA1SUM for every file on your host?

0 Karma

abidewan
New Member

Splunk to check which files in the entire file system have a specific SHA1 checksum value.
For example: Show all files that have sha1sum 7716D83C0D06AB356BDFA52DEF1AF64BC5210

0 Karma