Re: MD5 sums of individual files?
Olaf Meeuwissen writes:
>hermit@bayview.com (William R. Ward) writes:
>
>> One way to test if you have been hacked is to run an MD5 checksum of
>> key binaries and look to see if it's been replaced by the intruder.
>> Is there any place where the MD5 sums of individual executable files
>> (not the .deb files, but the /usr/bin/xxxx files that come from them)
>> can be obtained?
>
>The info you're looking for can, for most packages at least, be found
>in /var/lib/dpkg/info/*.md5sums. These files have MD5 sums for all
>files included in the .deb.
>
>Note that if you get hacked you can no longer rely on these files (so
>put them some place safe *before* you let other folks use or connect
>to your machine). Of course, /usr/bin/md5sum is also suspect and can
>not be relied upon to tell you the truth.
Of course. I'd have to burn a CDROM or something. But it's something
I've been meaning to find out about, just in case...
--
William R Ward hermit@bayview.com http://www.bayview.com/~hermit/
-----------------------------------------------------------------------------
"Those are my principles. If you don't like them I have others."-Groucho Marx
Reply to: