Re: How to securely verify that package-installed files match originals?

[Davide Prina <davide.prina@gmail.com>]

On 14/01/21 11:56, Erik Poupaert wrote:

> dpkg -V <package>
>
> The reason why I am carrying out this audit is, however, because I somehow
> suspect that the system could be compromised.

as suggested you can use debsums

you can also use

* to detect missing or unexplained files
cruft

Note: the output can be very very long, save it to a file and set the 
--ignore flag to directory where you are sure there are no problems

* to detect rootkit
chkrootkit
rkhunter

If your system is compromised and try to understand from where they come 
in or you want to check for vulnerability on your system you can use (I 
never try these):
checksecurity
tiger

To see open security bugs on installed package:
debian-security-support

Note that, in theory, your system can be compromised with code in 
RAM/GPU MEMORY/BIOS/UEFI/...
For RAM and similar you can solve restarting your PC with a trusted 
system, but for others normally you are unable to check if something is 
wrong and from that PC can be that you cannot start a trusted system

I'm not a security expert, but this thinks is very interesting...

Ciao
Davide