Re: Miscellaneous and security
On Sat, 03 Jan 1998 22:31:29 +0100 Mario Fabiano
>I am a new Debian user. I actually have been using Linux for a while.
>have some questions.
>Is there some way to unpack a Debian package in a place different than
>the target directories, e.g. /tmp? The aim is just to look at the
>belonging to the package.
A debian Package is a ar archive of 2 tgz files ... to unpack MANUALY a
debian package copy it to the /tmp directory and do a ar -x deb-file this
will unpack the archive leaveing you with 2 tgz files and some dpkg
control files ... all the executables are found in the data.tar.gz file
... Hope this helps ...
>Is there some way, maybe using dpkg, to check the integrity of the
>installed files. Put in other words, how can I check that some
>executables have not been replaced by some malicious users.
The Packages are all signed by the maintainers and then a md5 sum is
calculated for each package ... you can donwload the file Packages.gz
which holds disriptions for all of the debian packages .. this file also
has the posted md5 sum of the package. you can calculate the md5 sum of
the package after you have downloaded it and compare it to the pgp signed
package sum that is in the file ... in this way you can be sure of the
integrety of the packages....
>I have found some log files in /var/log that are readable by anybody.
>Maybe they are not particularly critical. I want anyway to change
>permissions, for instance to 640, for the owners root.adm. Will be the
>permissions kept by the logrotate program?
>Thank you in advance for your attention.
>Contrary to popular belief, Unix is user friendly,
>It just happens to be selective about who it makes friends with.
>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe"
>Trouble? e-mail to firstname.lastname@example.org .
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .