Re: Binary Security & md5sums
hi ya
it is very much worth the effort ( at least to me )
run the commands hourly to see if you've been hacked in the last hour
or every 5 minutes or ?? to suit your paranoia level
do the same for /sbin /etc and other binaries ( /usr/local/{bin,sbin} ) and
config you wanna protect
-- lot better than tripwire in my book...
- no false alarms about hacked binaries/config files
-- i do a "ls -laR --full-time *" too and check it to know what files
caused the md5sum to mis-compare
-- keep bin.tar.gz and bin.tar.listing.txt in the example on a safe
read-only media like cdrom
c ya
alvin
On Mon, 23 Sep 2002, Brad Tilley wrote:
> We run md5sums on all system binaries on our Debian servers and tar the actual
> binaries to a file and then burn everything to CD with other data about the
> server for security reasons. Do any other Debian users do this? Is it worth
> the effort? Is this too paranoid?
>
> Below are the commands we use to do this:
>
> cd /bin
> md5sum * | mail -s "md5sums on pine from bin" admis@email.edu
> tar cvzpf bin.tar.gz * && mv bin.tar.gz /root
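The baseline-and-compare routine discussed in this thread, as an added shell example that is not part of either poster's message: it records a hash manifest for a directory and later reports which files changed, went missing or appeared. The function names and the manifest location are hypothetical, and sha256sum is swapped in for the thread's md5sum because MD5 collisions are practical.

```shell
#!/bin/sh
# Added example, not code from the thread. make_baseline and verify_baseline
# are hypothetical names; sha256sum replaces the thread's md5sum.

# make_baseline DIR MANIFEST
# Write one "hash  ./path" line per regular file under DIR, sorted by path.
# Symlinks are not followed or hashed. Keep MANIFEST outside DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

# verify_baseline DIR MANIFEST
# Re-hash DIR and compare with MANIFEST. Prints one line per difference
# (CHANGED, MISSING or NEW) and returns 1 if anything differs, 0 otherwise.
verify_baseline() {
    vb_current=$(mktemp) || return 2
    make_baseline "$1" "$vb_current"
    vb_report=$(awk '
        {
            hash = $1
            # The file name starts after the hash and the 2-character
            # separator, so names containing spaces are kept whole.
            name = substr($0, length($1) + 3)
        }
        FILENAME == ARGV[1] { old[name] = hash; next }   # baseline manifest
        {
            seen[name] = 1                               # current state
            if (!(name in old))          print "NEW     " name
            else if (old[name] != hash)  print "CHANGED " name
        }
        END {
            for (name in old)
                if (!(name in seen)) print "MISSING " name
        }
    ' "$2" "$vb_current" | LC_ALL=C sort)
    rm -f "$vb_current"
    [ -z "$vb_report" ] && return 0
    printf '%s\n' "$vb_report"
    return 1
}
```

Run make_baseline once on a known-good system and store the manifest on the read-only media mentioned above; run verify_baseline from cron at whatever interval suits and mail its output when it returns non-zero.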