
Re: How reliable is "debsums"?



On Wed, 2002-09-25 at 04:09, Kristian wrote:
> I suppose that if someone managed to get into a machine, he could simply
> regenerate the md5 checksums after modifying "ls, ps, top and friends".

Quite Possibly.  It is not a bulletproof solution, but can be useful..

> Just another question: could anyone suggest a way to automate checks
> with debsums? And why should I use debsums instead of simply running
> stuff like tiger or integrit? I don't get it.

Use both!  One advantage of debsums is that you can compare md5sums
against a package, rather than just the system db.  If you fear that
something may have been modified, you can download the .deb file and
bypass anything that an attacker could modify.  Of course, the debsums
binary could be modified to never report that anything has changed, but
every little bit helps..

-Justin
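
Added example, not part of the original message: one way to automate the check described in the reply above, comparing installed files with the md5sums list carried inside a freshly downloaded .deb instead of the on-disk database. The function names are hypothetical, and it assumes the .deb comes from a trusted source and that the `md5sum` and `dpkg-deb` binaries used are themselves trustworthy (for example, run from rescue media).

```bash
#!/bin/bash
# Added example: verify files against the md5sums shipped in a .deb.

# check_md5sums ROOT LIST
# LIST uses the DEBIAN/md5sums layout: "<md5>  <path relative to />".
# Prints "CHANGED <path>" or "MISSING <path>" for each problem and
# returns 1 if any were found, 0 if everything matched.
check_md5sums() {
    local root="$1" list="$2" want path have rc=0
    while read -r want path; do
        [ -n "$want" ] || continue          # skip blank lines
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        have=$(md5sum < "$root/$path")      # "<md5>  -"
        have=${have%% *}                    # keep only the digest
        if [ "$have" != "$want" ]; then
            echo "CHANGED $path"; rc=1
        fi
    done < "$list"
    return $rc
}

# check_deb DEB [ROOT]
# Extracts the control area of DEB (dpkg-deb -e) into a temporary
# directory and checks ROOT (default /) against its md5sums file.
# Returns 2 if the package carries no md5sums list.
check_deb() {
    local deb="$1" root="${2:-/}" tmp rc
    tmp=$(mktemp -d) || return 2
    if dpkg-deb -e "$deb" "$tmp" && [ -f "$tmp/md5sums" ]; then
        check_md5sums "$root" "$tmp/md5sums"; rc=$?
    else
        echo "no md5sums in $deb" >&2; rc=2
    fi
    rm -rf "$tmp"
    return $rc
}

# Typical use (path is a placeholder): check_deb /path/to/package.deb
```

A non-zero exit status makes the function easy to call from cron and mail the output only when something differs.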


