Re: How reliable is "debsums"?

To: debian-security@lists.debian.org
Subject: Re: How reliable is "debsums"?
From: Javier Fernández-Sanguino Peña <jfs@computer.org>
Date: Thu, 26 Sep 2002 09:54:28 +0200
Message-id: <[🔎] 20020926075428.GA9823@dat.etsit.upm.es>
In-reply-to: <[🔎] 20020925195905.GD19471@alcor.net>
References: <[🔎] 1032944955.647.7.camel@bobo> <[🔎] 20020925195905.GD19471@alcor.net>

On Wed, Sep 25, 2002 at 03:59:05PM -0400, Matt Zimmerman wrote:
> 
> The same applies for any intrusion detection tool, including the ones you
> mention below.
(...)
	Not quite exact.
> debsums attempts to detect files which are different from the versions which
> were originally installed from .deb archives.  Stuff like tiger and integrit
> attempt to detect files which are different from the versions which were
> installed at some point in the past.
> 
	Integrit yes. Tiger yes/no. As a matter of fact tiger has:

1.- a module to check against known vulnerable cheksums (not updated for
Debian)
2.- a module that uses tripwire
3.- a module that uses debsums

	User can run whichever he likes best. Just FYI.

	Regards

	Javi

Reply to:

Follow-Ups:
- Re: How reliable is "debsums"?
  - From: Matt Zimmerman <mdz@debian.org>

References:
- How reliable is "debsums"?
  - From: Kristian <kristian@hitech-sanita.it>
- Re: How reliable is "debsums"?
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Security updates without DSA?
Next by Date: Re: How reliable is "debsums"?
Previous by thread: Re: Security updates without DSA?
Next by thread: Re: How reliable is "debsums"?
Index(es):
- Date
- Thread