On 2007-07-29, Mathias Brodala <info@noctus.net> wrote:
Hi Douglas.
Douglas Allan Tutty, 29.07.2007 18:35:
Boot the box from something like the install CD, go to a shell, mount
your / partition ro, noexec.
I think the install CD has md5sum installed. Run:
#md5sum /bin/login.
On my i386, I get:
2ee32ff74e474c4d9fc9df6f1460980f /bin/login
You should also tell the exact version of the "login" package you are using.
Otherwise this number is useless.
With 1:4.0.18.1-11 on i386 I get this:
004a41bb9196f1888bd89c2245910f46 /bin/login
Which is just what I got too. I found an old Mepis CD, booted into
that, mounted my / partition, ran md5sum on /bin/login, and out came
the same answer, for the same version of /bin/login.
So I'm going to proceed as if I've been lucky, have not been
rootkit-ed, and will continue on with hardening my laptop without
reinstalling.
Thanks for your help!
Tyler
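
The check discussed in this thread, as an added example that is not part of the original messages: read the installed package version from the offline-mounted root, then compare the files against a dpkg-format md5sums list for that exact version. The function names, the `/mnt` mount point and the source of the trusted list (for instance the control data of a freshly downloaded .deb of the same version) are assumptions.

```shell
#!/bin/sh
# Added example, run from rescue media with the suspect root mounted ro,noexec.
# Assumption: LIST is a dpkg-format md5sums file ("<md5>  <path without
# leading slash>") obtained from a trusted copy of the SAME package version.

# Print the version of package $2 recorded in the dpkg status file under
# root $1. The suspect disk's database is untrusted; use the result only to
# decide which package version to fetch for comparison.
installed_version() {
    root=$1 pkg=$2
    awk -v pkg="$pkg" '
        $1 == "Package:" { cur = $2 }
        $1 == "Version:" && cur == pkg { print $2; exit }
    ' "$root/var/lib/dpkg/status"
}

# Check every file named in list $2 under root $1. Prints one line per
# problem; returns 0 only if every file exists and its hash matches.
verify_against_list() {
    root=$1 list=$2 bad=0
    while read -r want rel; do
        [ -n "$want" ] || continue          # skip blank lines
        if [ ! -f "$root/$rel" ]; then
            echo "MISSING  /$rel"; bad=1; continue
        fi
        got=$(md5sum "$root/$rel" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH /$rel (got $got, want $want)"; bad=1
        fi
    done < "$list"
    return "$bad"
}

# Usage: sh verify.sh /mnt login.md5sums
if [ "$#" -eq 2 ]; then
    verify_against_list "$1" "$2"
fi
```

A hash quoted for a different package version will show up here as a MISMATCH even on a clean system, which is why the version is read first.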