Re: [OT?] Replacing hacked binaries

To: debian-devel@lists.debian.org
Subject: Re: [OT?] Replacing hacked binaries
From: Steve Langasek <vorlon@netexpress.net>
Date: Fri, 1 Dec 2000 18:02:38 -0600 (CST)
Message-id: <[🔎] Pine.LNX.4.10.10012011746170.747-100000@tennyson.netexpress.net>
In-reply-to: <[🔎] 20001202004816.A27886@sigrid.schuldei.com>

Hi Andreas,

> > Whether or not this is a desirable feature to have in Debian, I don't know.
> > But I do think it should be said that even though this method isn't for just
> > anyone, it IS possible to clean up a compromised machine without having to
> > wipe it out...

> I did exactly what you discribed here. Ronald (rb@debian.org) hacked a three
> line perl script that compared all availabel MD5 sums with the installed
> files fully automatical and within minutes. It did not take hours.

The 'hours' would not be the time it takes to verify the MD5 sums, but the
time it takes to go over all of the files whose MD5 sums don't match the
original values. :)  The rpm database includes MD5 sums for conffiles as well,
and many of these files may have been changed -- so of course they should all
be examined by the administrator.

Steve Langasek
postmodern programmer

Reply to:

References:
- Re: [OT?] Replacing hacked binaries
  - From: Andreas Schuldei <andreas@schuldei.org>

Prev by Date: Re: [OT?] Replacing hacked binaries
Next by Date: Re: ITP: hyperbole, infodock - integrated productivity enviroments built atop of emacs
Previous by thread: Re: [OT?] Replacing hacked binaries
Next by thread: Re: [OT?] Replacing hacked binaries
Index(es):
- Date
- Thread