Navigation
Supported Platforms
Related Documentation
- ACX, EX, M, MX, PTX, SRX, T Series
- Configuring Checksum Hashes for an Event Script
- Configuring Checksum Hashes for an Op Script
- EX, J, M, MX, PTX, QFX, SRX, T Series
- file checksum md5 command in the System Basics and Services Command Reference
- file checksum sha-256 command in the System Basics and Services Command Reference
- file checksum sha1 command in the System Basics and Services Command Reference
Configuring Checksum Hashes for a Commit Script
You can configure one or more checksum hashes that can be used to verify the integrity of a commit script before the script runs on the switch, router, or security device.
To configure a checksum hash:
- Create the script.
- Place the script in the
/var/db/scripts/commitdirectory on the device. - Run the script through one or more hash functions to calculate
hash values.
Junos OS supports MD5, SHA-1, and SHA-256 hash functions.
user@host> file checksum md5 /var/db/scripts/commit/script1.slaxMD5 (/var/db/scripts/commit/script1.slax) = 3af7884eb56e2d4489c2e49b26a39a97
user@host> file checksum sha1 /var/db/scripts/commit/script1.slaxSHA1 (/var/db/scripts/commit/script1.slax) = 00dc690fb08fb049577d012486c9a6dad34212c0
user@host> file checksum sha-256 /var/db/scripts/commit/script1.slaxSHA256 (/var/db/scripts/commit/script1.slax) = 150bf53383769f3bfedd41fe73320777f208d4fda81230cb27b8738
- Configure the script.[edit system scripts commit]user@host# set file script1.slax checksum md5 3af7884eb56e2d4489c2e49b26a39a97[edit system scripts commit]user@host# set file script1.slax checksum sha-1 00dc690fb08fb049577d012486c9a6dad34212c0[edit system scripts commit]user@host# set file script1.slax checksum sha-256 150bf53383769f3bfedd41fe73320777f208d4fda81230cb27b8738
During the execution of the script, Junos OS recalculates the checksum value using the configured hash and verifies that the calculated value matches the configured value. If the values differ, the execution of the script fails. When you configure multiple checksum values with different hash algorithms, all the configured values must match the calculated values; otherwise, the script execution fails. The commit operation also fails.
Related Documentation
- ACX, EX, M, MX, PTX, SRX, T Series
- Configuring Checksum Hashes for an Event Script
- Configuring Checksum Hashes for an Op Script
- EX, J, M, MX, PTX, QFX, SRX, T Series
- file checksum md5 command in the System Basics and Services Command Reference
- file checksum sha-256 command in the System Basics and Services Command Reference
- file checksum sha1 command in the System Basics and Services Command Reference
Published: 2013-03-05
Supported Platforms
Related Documentation
- ACX, EX, M, MX, PTX, SRX, T Series
- Configuring Checksum Hashes for an Event Script
- Configuring Checksum Hashes for an Op Script
- EX, J, M, MX, PTX, QFX, SRX, T Series
- file checksum md5 command in the System Basics and Services Command Reference
- file checksum sha-256 command in the System Basics and Services Command Reference
- file checksum sha1 command in the System Basics and Services Command Reference
