# Detecting corrupted files on mounted FS without using FSCK



## startingout (Jan 12, 2012)

Hello,

Is there a way that I can detect corrupted files on a mounted file system without using the *fsck* on umounted FS?  I'm trying to go through the FS, check each file, and determine if the file is corrupted on mounted system.  

There may not be a way, or maybe someone has a script.

Thanks


----------



## wblock@ (Jan 13, 2012)

Keep a database of files and checksums to compare to the current version.  mtree(8) might be one way.


----------



## startingout (Jan 13, 2012)

Any other way of doing this if the bsd code has been modified and does not have the mtree command?  I'm looking into why this is not included.


----------



## wblock@ (Jan 13, 2012)

It would depend on what's available.  What version of FreeBSD?  If it's a modified version like FreeNAS, lots of stock FreeBSD stuff will be missing.


----------



## anomie (Jan 13, 2012)

Here's a crude way to do it if openssl's dgst(1) command is available on the system. 


```
# find /usr/bin -type f -exec openssl dgst -sha1 {} \; > new-db
```

Similar caveat, though: you must have a DB that was created when the system was in a "known good" state to compare against.


----------



## SirDice (Jan 13, 2012)

Originally intended as a security measure, the old and venerable security/tripwire can automate this.


----------



## startingout (Jan 14, 2012)

Thank you all for the responses - good information.  It's an older FreeBSD version that was modified so I'll have to check that these options are available.  Until the system is migrated can't upgrade to a newer version but will run test beds in parallel.


----------



## throAU (Jan 17, 2012)

Another way to do this if you are able to reinstall would be to install to ZFS, which has built in checksums to detect corruption as it occurs.


----------

