
Re: To check a copy of a file on its originality from its installed package.



On Wed, Apr 15, 2009 at 08:46:44AM -0400, Rob McBroom wrote:
> On 2009-Apr-15, at 4:02 AM, Sthu Deus wrote:
>
>> For example, I have
>>
>> /usr/bin/sudo
>>
>> that comes from its installed package
>>
>> sudo
>>
>> My question is: how can I find out that the /usr/bin/sudo file has not
>> been exchanged with another copy by some person and therefore does
>> some stuff that I'm not aware of?
>
>
> % aptitude install debsums
> % rehash
> % debsums sudo

This works in the simple case; the only thing to be aware of is that if someone
has the ability to change your /usr/bin/sudo, then they can probably update the
debsum as well (unless debsums are signed... are they?)

If you're really paranoid about this, you should consider looking at tools like
tripwire or samhain.  But they take considerably more effort to set up.

Cheers,

-- 
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerlach@feds.uwaterloo.ca
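
An added example, not part of the original message: one way to address the caveat raised above is to check the installed files against an md5sums list extracted from a freshly downloaded copy of the package rather than the list stored in the local dpkg database. The function name `verify_against_md5sums` and the demo tree are constructed for illustration; the commented `apt-get download` / `dpkg-deb --control` steps assume apt and its keyring on the host can still be trusted.

```shell
#!/bin/sh
# Added example. Getting an md5sums list that did not come from the local
# dpkg database (assumes apt and its keyring on this host can be trusted):
#   apt-get download sudo
#   dpkg-deb --control sudo_*.deb ctl     # writes ctl/md5sums
#   verify_against_md5sums ctl/md5sums /

# verify_against_md5sums LIST [ROOT]
# LIST uses dpkg's md5sums format: "<md5>  <path relative to ROOT>".
# Prints OK/CHANGED/MISSING per file; returns 1 if anything is not OK.
verify_against_md5sums() {
    list=$1
    root=${2:-/}
    rc=0
    while read -r want rel; do
        [ -n "$want" ] || continue          # skip blank lines
        file="${root%/}/$rel"
        if [ ! -f "$file" ]; then
            echo "MISSING  /$rel"; rc=1; continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK  /$rel"
        else
            echo "CHANGED  /$rel"; rc=1
        fi
    done < "$list"
    return $rc
}

# Demo on a constructed tree (not a real package).
demo=$(mktemp -d)
mkdir -p "$demo/root/usr/bin"
printf 'pristine binary\n' > "$demo/root/usr/bin/sudo"
printf '%s  usr/bin/sudo\n' \
    "$(md5sum < "$demo/root/usr/bin/sudo" | cut -d' ' -f1)" > "$demo/md5sums"
verify_against_md5sums "$demo/md5sums" "$demo/root"
printf 'swapped binary\n' > "$demo/root/usr/bin/sudo"
verify_against_md5sums "$demo/md5sums" "$demo/root" || echo "mismatch detected"
rm -rf "$demo"
```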