Re: Binary Security & md5sums

To: Brad Tilley <rtilley@vt.edu>
Cc: debian-user@lists.debian.org
Subject: Re: Binary Security & md5sums
From: Alvin Oga <aoga@Maggie.Linux-Consulting.com>
Date: Mon, 23 Sep 2002 17:14:55 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1020923171139.14973A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 200209231852.11729.rtilley@vt.edu>

hi ya

it is very much worth the effort ( at least to me )

run the commands hourly to see if yu've been hacked in the last hour
	or every 5 minutes or ?? to suit your paranoia level

do the same for /sbin /etc and other binaries ( /usr/local/{bin,sbin} and
config you wanna protect

-- lot better than tripwire in my book...
	- no false alarms about hacked binaries/config files

-- i do a "ls -laR --full-time  *"  too and check it to know what files
	caused the mdsum to mis-compare

-- keep bin.tar.gz and bin.tar.listing.txt in the example on a safe
   read-only media like cdrom

c ya
alvin


On Mon, 23 Sep 2002, Brad Tilley wrote:

> We run md5sums on all system binaries on our Debian servers and tar the actual 
> binaries to a file and then burn everything to CD with other data about the 
> server for security reasons. Do any other Debian users do this? Is it worth 
> the effort? Is this too paranoid?
> 
> Below are the commands we use to do this:
> 
> cd /bin
> md5sum * | mail -s "md5sums on pine from bin" admis@email.edu
> tar cvzpf bin.tar.gz && mv bin.tar.gz /root
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- Binary Security & md5sums
  - From: Brad Tilley <rtilley@vt.edu>

Prev by Date: Re: 2.4.19 + aic7xxx won't boot. No problem with 2.4.18.
Next by Date: Re: Mozilla dead keys
Previous by thread: Re: Binary Security & md5sums
Next by thread: Naming convention invalid (local) domain
Index(es):
- Date
- Thread