Re: Different MD5 from same kernel module tun.ko on different servers same distro
> A better tool to compare binaries is diffoscope, it can disassembles
> ELF binaries and compare the assembly.
>
> Please upload the two tun.ko files to the trydiffoscope website so
> that we can investigate the differences more closely:
>
> https://try.diffoscope.org/
Thanks for the tip, just did, results are here:
https://try.diffoscope.org/ttrrkzfqqbre.html
didn't look like code was modified, just symbols
> These look like they are two different builds of the Debian Linux
> kernel package. If you or your cloud provider did not rebuild the
> Debian Linux kernel package, then it is possible your cloud server has
> been compromised and tun.ko modified with the version from a different
> build of the package.
I didn't compiled myself this module, neither cloud provider I believe,
bcz VPS is unmanaged.
> Are there any other modified files on the system? You can use debsums to
> check.
>
Just run it, all 65418 files came clean (OK). Also tun.ko because I
restored it from linux-image-3.16.0-4-amd64_3.16.43-2+deb8u3_amd64.deb
Also copied back old tun.ko (wrong MD5) and after run debsums again, it
failed on tun.ko - so behaviour of tool is ok.
> PS: I would suggest upgrading to Debian stretch at some point.
In my plans, soon.
>
> --
> bye,
> pabs
>
> https://wiki.debian.org/PaulWise
>
>
cheers.
Thanks for the help.
Reply to: