[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Different MD5 from same kernel module tun.ko on different servers same distro



> A better tool to compare binaries is diffoscope, it can disassembles
> ELF binaries and compare the assembly.
>
> Please upload the two tun.ko files to the trydiffoscope website so
> that we can investigate the differences more closely:
>
> https://try.diffoscope.org/

Thanks for the tip, just did, results are here:

https://try.diffoscope.org/ttrrkzfqqbre.html

didn't look like code was modified, just symbols

> These look like they are two different builds of the Debian Linux
> kernel package. If you or your cloud provider did not rebuild the
> Debian Linux kernel package, then it is possible your cloud server has
> been compromised and tun.ko modified with the version from a different
> build of the package.

I didn't compiled myself this module, neither cloud provider I believe,
bcz VPS is unmanaged.

> Are there any other modified files on the system? You can use debsums to
> check.
>

Just run it, all 65418 files came clean (OK). Also tun.ko because I
restored it from linux-image-3.16.0-4-amd64_3.16.43-2+deb8u3_amd64.deb

Also copied back old tun.ko (wrong MD5) and after run debsums again, it
failed on tun.ko - so behaviour of tool is ok.

> PS: I would suggest upgrading to Debian stretch at some point.

In my plans, soon.

>
> --
> bye,
> pabs
>
> https://wiki.debian.org/PaulWise
>
>

cheers.
Thanks for the help.



Reply to: