[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 sums of individual files?

Olaf Meeuwissen writes:
>hermit@bayview.com (William R. Ward) writes:
>
>> One way to test if you have been hacked is to run an MD5 checksum of
>> key binaries and look to see if it's been replaced by the intruder.
>> Is there any place where the MD5 sums of individual executable files
>> (not the .deb files, but the /usr/bin/xxxx files that come from them)
>> can be obtained?
>
>The info you're looking for can, for most packages at least, be found
>in /var/lib/dpkg/info/*.md5sums.  These files have MD5 sums for all
>files included in the .deb.
>
>Note that if you get hacked you can no longer rely on these files (so
>put them some place safe *before* you let other folks use or connect
>to your machine).  Of course, /usr/bin/md5sum is also suspect and can
>not be relied upon to tell you the truth.

Of course.  I'd have to burn a CDROM or something.  But it's something
I've been meaning to find out about, just in case...

-- 
William R Ward        hermit@bayview.com      http://www.bayview.com/~hermit/
-----------------------------------------------------------------------------
"Those are my principles. If you don't like them I have others."-Groucho Marx
Reply to: