Re: Hash database
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Almut Behrens wrote:
:: On Sat, Apr 09, 2005 at 04:16:27PM +0200, Raffaele
:: D'Elia wrote:
:::: Unfortunatly not. I want to verify each file installed
:::: using .deb's against the md5sum written inside the .deb
:::: itself. Debsum does this storing the hashes locally. I
:::: want the same control over a central db, independent
:::: from the machine I'm running debsums on.
:: You could extract the checksums from a set of existing
:: .deb packages with a simple script (example below), then
:: put the generated file containing all md5sums onto some
:: shared, read-only location, and verify whatever machine's
:: installed files against this checksum "database".
[...]
:: In case there are packages missing md5sums files (does
:: happen), you can generate them with "debsums --generate",
:: and grab them from /var/lib/dpkg/info/*.md5sums (IIRC).
:: Is that closer to what you want? :)
I believe that it is closer. :)
But sounds to me, that Raffaele wants some way to
check an already installed system that maybe is compromised.
IMHO, Raffaele needs to install a fresh system, use
the scripts and hints posted here, generate the md5sums,
put it in a CD and check it in the "suspicious system".
Hope that we are even closer. :-)
Cheers,
- --
//////////
// Felipe Augusto van de Wiel (faw) <felipe@cathedrallabs.org>
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project || http://www.debian.org/
//////////
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFCWEyHCjAO0JDlykYRAhElAJ9MOYplehYSz83svrb4QkFXcvLp5gCgqY0y
Vrb6TSVir5w/gTOYWjToBFc=
=DaZQ
-----END PGP SIGNATURE-----
Reply to: