Re: Check package component checksums against a database?

To: debian-qa@lists.debian.org
Subject: Re: Check package component checksums against a database?
From: martin f krafft <madduck@debian.org>
Date: Tue, 28 Aug 2007 12:31:53 +0200
Message-id: <20070828103153.GA19478@piper.oerlikon.madduck.net>
Mail-followup-to: debian-qa@lists.debian.org
In-reply-to: <Pine.LNX.4.62.0708281222500.27073@domac.alu.hr>
References: <Pine.LNX.4.62.0708281222500.27073@domac.alu.hr>

also sprach Mirsad Todorovac <mtodorov@alu.hr> [2007.08.28.1228 +0200]:
> I wondered if there is a way to check apt-get package maintained system 
> against a database of known checksums. This could be md5 checksum or 
> timestamp, size and BSD checksum of programs).

This is a question for the debian-user mailing list, not debian-qa.

> I know there is AIDE, but it has the weakness of locally maintained database 
> of checksums that intruder can defeat once boarded the system.

You can make AIDE use checksums on e.g. read-only media, such as
CD-ROMs.

Anyway, check out the debsums package.

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
(a)bort, (r)etry, (p)retend this never happened

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Reply to:

References:
- Check package component checksums against a database?
  - From: Mirsad Todorovac <mtodorov@alu.hr>

Prev by Date: Check package component checksums against a database?
Next by Date: Bug#437673: dehs: Debian version of gabedit is wrong (2.0.11 instead of 2.0.11-1), so the copyright link is broken
Previous by thread: Check package component checksums against a database?
Next by thread: RM: openmash -- RoQA; orphaned, RC-buggy, no upstream
Index(es):
- Date
- Thread