Re: MD5 sums of individual files?
> If they root your box, they could mess with your gpg keyring and/or binary.
> They could just spew out fake emails that say the thing was checked, and
> even spin the floppy disk in case you were watching to make sure it was
> doing a "real" check.
OK, I give up. ;-)
> You can't use a possibly-cracked machine to check itself, unless you are
> checking for breakins on non-root accounts. (e.g. web page defacement if
> they got in through httpd.)
Agreed... or if only one machine is available, we're back to periodically
booting from a safe, known, bootable CD-R with a kernel, a copy of the
checksums and all of required binaries on it (which is fine unless someone
broke into my house and replaced the CD-R ;-)).
I guess I'll stick with what I have (i.e. the RO floppy) and hope that the
script kiddie isn't thinking that far ahead (the last one that got through
onto a previous RedHat box of mine wasn't, fortunately).
Kenneth J. Pronovici <email@example.com>
Personal Homepage: http://www.skyjammer.com/~pronovic/
"The phrase, 'Happy as a clam' has never really held much meaning for me."