That verifies the software that is stored somewhere, not the currently running one. Someone "insider" could load a "hacked" software into flash, boot the router with that file (supposing that he has found a way to do so) and then replace the file on the flash with the real one. How can you verify that the running software is actually the original one? -- Tassos Saku Ytti wrote on 13/1/2014 12:46:
On (2014-01-13 12:26 +0200), Tassos Chatzithomaoglou wrote:
I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc. IOS: verify /md5 flash:file JunOS: filechecksum md5|sha-256|sha1 file
But if your system is owned, maybe the verification reads filename and outputs expected hash instead of correct hash.