mirror of https://github.com/MISP/misp-packer
chg: [doc] Added verify.txt completeness
parent
ee625d48d3
commit
e36402b704
76
verify.txt
76
verify.txt
|
@ -20,8 +20,9 @@ Download the OVA and the ASC into the same directory.
|
|||
On the command line verify the PGP signature first, example:
|
||||
|
||||
$ gpg --verify MISP_v2.4.107@latest.ova.asc MISP_v2.4.107@latest.ova
|
||||
|
||||
TODO: Include output.
|
||||
gpg: Signature made Wed 15 May 2019 07:04:42 PM JST
|
||||
gpg: using RSA key EDEC891834F20B13
|
||||
gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
|
||||
|
||||
3. Download SFV files
|
||||
|
||||
|
@ -29,14 +30,38 @@ Now download the checksum file and its signature, and verify.
|
|||
|
||||
$ wget https://www.circl.lu/misp-images/MISP_v2.4.107@latest-CHECKSUM.sfv
|
||||
$ wget https://www.circl.lu/misp-images/MISP_v2.4.107@latest-CHECKSUM.sfv.asc
|
||||
$ gpg --verify /MISP_v2.4.107@latest-CHECKSUM.sfv.asc MISP_v2.4.107@latest-CHECKSUM.sfv
|
||||
$ gpg --verify MISP_v2.4.107@latest-CHECKSUM.sfv.asc MISP_v2.4.107@latest-CHECKSUM.sfv
|
||||
gpg: Signature made Wed 15 May 2019 07:15:10 PM JST
|
||||
gpg: using RSA key EDEC891834F20B13
|
||||
gpg: BAD signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
|
||||
|
||||
If you get a BAD signature, please download again.
|
||||
|
||||
Next, use rhash or go with the manual way.
|
||||
|
||||
rhash
|
||||
-----
|
||||
|
||||
$ rhash -c MISP_v2.4.107@latest-CHECKSUM.sfv
|
||||
$ cat MISP_v2.4.107@latest-CHECKSUM.sfv |sed 's/@\(.*\)-/@latest-/g' |sed 's/@\(.*\).ova/@latest.ova/g' |rhash -c -v --percents -
|
||||
|
||||
--( Verifying MISP_v2.4.107@latest-CHECKSUM.sfv )-------------------------------
|
||||
MISP_v2.4.107@latest-VMware.zip OK
|
||||
MISP_v2.4.107@latest.ova OK
|
||||
--------------------------------------------------------------------------------
|
||||
Everything OK
|
||||
|
||||
Manual (not recommended)
|
||||
------------------------
|
||||
|
||||
Take any file you want to verify, with sha1-sum for example.
|
||||
|
||||
$ shasum MISP_v2.4.107@8a51109.nvram | cut -f 1 -d\ |grep -o -i -f - MISP_@8a51109.sfv
|
||||
D3A2EBF751E31C6972F89DEC4F57D69C4681A142
|
||||
|
||||
If you get back a shasum, it worked, the file is safe and sound.
|
||||
|
||||
Now you could do this, for all files, for all the checksums (sha1/256/384/512) OR just use rhash.
|
||||
|
||||
|
||||
Verify VMware
|
||||
-------------
|
||||
|
@ -50,7 +75,46 @@ Download the ZIP and the ASC into the same directory.
|
|||
On the command line verify the PGP signature first, example:
|
||||
|
||||
$ gpg --verify MISP_v2.4.107@latest-VMware.zip.asc MISP_v2.4.107@latest-VMware.zip
|
||||
gpg: Signature made Wed 15 May 2019 07:04:42 PM JST
|
||||
gpg: using RSA key EDEC891834F20B13
|
||||
gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
|
||||
|
||||
TODO: Include output.
|
||||
Do step number 3 from above.
|
||||
|
||||
Do steps number 3 from above.
|
||||
$ unzip MISP_v2.4.107@latest-VMware.zip
|
||||
Archive: MISP_v2.4.107@latest-VMware.zip
|
||||
inflating: VMware/disk-s001.vmdk
|
||||
inflating: VMware/disk-s002.vmdk
|
||||
inflating: VMware/disk-s003.vmdk
|
||||
inflating: VMware/disk-s004.vmdk
|
||||
inflating: VMware/disk-s005.vmdk
|
||||
inflating: VMware/disk-s006.vmdk
|
||||
inflating: VMware/disk-s007.vmdk
|
||||
inflating: VMware/disk.vmdk
|
||||
inflating: VMware/MISP_v2.4@8a51109.sfv
|
||||
inflating: VMware/MISP_v2.4.107@8a51109.nvram
|
||||
extracting: VMware/MISP_v2.4.107@8a51109.vmsd
|
||||
inflating: VMware/MISP_v2.4.107@8a51109.vmx
|
||||
inflating: VMware/MISP_v2.4.107@8a51109.vmxf
|
||||
$ cd VMware
|
||||
$ rhash -c -v --percents MISP_v2.4@8a51109.sfv
|
||||
Config file: /etc/rhashrc
|
||||
|
||||
--( Verifying MISP_v2.4@8a51109.sfv )-----------------------------------------------
|
||||
disk-s001.vmdk OK
|
||||
disk-s002.vmdk OK
|
||||
disk-s003.vmdk OK
|
||||
disk-s004.vmdk OK
|
||||
disk-s005.vmdk OK
|
||||
disk-s006.vmdk OK
|
||||
disk-s007.vmdk OK
|
||||
disk.vmdk OK
|
||||
MISP_v2.4.107@8a51109.nvram OK
|
||||
MISP_v2.4.107@8a51109.vmsd OK
|
||||
MISP_v2.4.107@8a51109.vmx OK
|
||||
MISP_v2.4.107@8a51109.vmxf OK
|
||||
--------------------------------------------------------------------------------
|
||||
Everything OK
|
||||
|
||||
|
||||
You can be more or less confident that verything is fine.
|
||||
|
|
Loading…
Reference in New Issue