In my previous post I proposed a simple method to identify possible modifications in files at the Operating System level. The idea is simple, it is to generate a checksum or hash of the file by passing it some algorithm that generates this type of hash, the most common are usually DES, 3DES, MD5, SHA, although the former are older and easier to attack. The proposed algorithm is based on MD5 and SHA, and implemented in Python.
In this case we are going to see an example to have a control, and to be able to determine if any procedure, package or function has been modified. We are doing this example in Oracle, but it can be extrapolated to other managers.
Basically what we are going to do is choose a procedure, join all the lines in a variable and apply an algorithm to it, in this case it will be SHA1, to generate a hash. We must store this hash (in a table, in a record in another database, in an excel, etc.) so that at a later time we can compare it and determine if that code has been touched.
DECLARE
TEXTO CLOB;
BEGIN
FOR i IN (SELECT TEXT FROM USER_SOURCE WHERE NAME='MY_PROCEDURE')
LOOP
TEXTO := TEXTO || i.text;
END LOOP;
DBMS_OUTPUT.PUT_LINE ('HASH SHA1 FOR THE STORED PROCEDURE : ' || DBMS_CRYPTO.HASH (TEXTO, DBMS_CRYPTO.HASH_SH1));
END;
/
The output is show below;
SQL> DECLARE
2 TEXTO CLOB;
3 BEGIN
4 FOR i IN (SELECT TEXT FROM USER_SOURCE WHERE NAME='MY_PROCEDURE')
5 LOOP
6 TEXTO := TEXTO || i.text;
7 END LOOP;
8 DBMS_OUTPUT.PUT_LINE ('HASH FOR THE STORED PROCEDURE : ' || DBMS_CRYPTO.HASH (TEXTO, DBMS_CRYPTO.HASH_SH1));
9 END;
10/
HASH FOR THE STORED PROCEDURE : 047E68B89B3F3321AD9772BE7C4EEAA59A03BF30
PL/SQL procedure successfully completed.
HTH – Antonio NAVARRO