also sprach Mirsad Todorovac <mtodorov@alu.hr> [2007.08.28.1228 +0200]: > I wondered if there is a way to check apt-get package maintained system > against a database of known checksums. This could be md5 checksum or > timestamp, size and BSD checksum of programs). This is a question for the debian-user mailing list, not debian-qa. > I know there is AIDE, but it has the weakness of locally maintained database > of checksums that intruder can defeat once boarded the system. You can make AIDE use checksums on e.g. read-only media, such as CD-ROMs. Anyway, check out the debsums package. -- .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems (a)bort, (r)etry, (p)retend this never happened
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)