Re: [DPKG] Integrity checking?
On Fri, 8 Aug 1997, Philippe Troin wrote:
> On Fri, 08 Aug 1997 09:15:06 BST "Magossa'nyi A'rpa'd"
> (mag@bunuel.tii.matav.hu) wrote:
>
> > Is dpkg can do integrity checking based on the MD5 hashes it uses?
> > Our machine has been cracked, and we want to know which binaries have been
> > compromised.
>
> There are per-package md5 sums to check the integrity of the .deb you
> download, but not per-file sums. What you can do is
The situation is a bit better than that. There are some sums for some files,
see /var/lib/dpkg/info/*.md5sums . However not all of the files have
checksums.
Is it expectable that all newer packages will have md5 sums, on every file?
It would be nice if in case of doubt, a not so security conscious admin
could do a "dpkg --check-all-sigs".
I wanted to use the md5 sums to see if we had really got cracked,
or just one account had been compromised (by admin mistake).
So far it seems that only one account had been compromised, and
they couldn't get the root account, though they had played there for a week,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
and tried every single Linux exploit known.
Unfortunately I couldn't get tripwire working, but all the logs, config
files, md5 sums, and permissions look ok. We will reinstall anyway.
Well, the fact that they couldn't get root had hit me. Till now I thought
that under B level there is not a single OS which can stand long such a wide
attack. Of course our system was neither a plain install-and-go one, but the
fact that the maintainers of Debian are sensible about security made our
life easier. Thank you all!
I am on the way getting tripwire working. I've found where does it gets that
segfault at least.
---
GNU GPL: csak tiszta forrásból
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: