Re: How reliable is "debsums"?
On Wed, 2002-09-25 at 04:09, Kristian wrote:
> I suppose that if someone managed to get into a machine, he could simply
> regenerate the md5 checksums after modifying "ls, ps, top and friends".
Quite Possibly. It is not a bulletproof solution, but can be useful..
> Just another question: could anyone suggest a way to automate checks
> with debsums? And why shoul I use debsums instead of simply running
> stuff like tiger or integrit? I don't get it.
Use both! One advantage of debsums is that you can compare md5sums
against a package, rather than just the system db. If you fear that
something may have been modified, you can download the .deb file and
bypass anything that an attacker could modify. Of course, the debsums
binary could be modified to never report that anything has changed, but
every little bit helps..