Re: Checksums for compromise checks
On Thu, Jan 14, 1999 at 06:20:56PM -0600, Ossama Othman wrote:
> Hi,
>
> My Debian 2.1 (unstable) system detected a dozen or so port scans, via the
> Debianized courtney package, coming from an older RedHat system that had
> the NFS server bug. The RedHat system in question was able to determine
> that ps and top were trojaned by using rpm to verify the ps and top md5
> checksums. Does Debian have any such verification mechanism for
> individual files (i.e. not the entire deb)? It seems like it would be a
> useful feature to have available.
>
> -Ossama
>
> ______________________________________________________________________
> Ossama Othman <othman@cs.wustl.edu>
> 58 60 1A E8 7A 66 F4 44 74 9F 3C D4 EF BF 35 88 1024/8A04D15D 1998/08/26
>
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
In /var/lib/dpkg/info/packagename.md5, an md5 sum exists for each file in the package. It should be trivial to write a script that verifies the md5s. There is probably one already out there. Anyone care to comment?
--
Stephen Pitts
smpitts@midsouth.rr.com
webmaster - http://www.mschess.org
Reply to: