[CLUE-Tech] Re: checking whether the computed MD5 sum (from the md5sum utility) is correct
Jed S. Baer
thag at frii.com
Fri May 10 14:21:30 MDT 2002
On Fri, 10 May 2002 13:38:00 -0600
"mazi farhang" <mazi at topoweb.com> wrote:
> Hi all,
>
> There was talk a couple of days back about checking for intrusions
> and/or trojans by checking the checksum generated by md5sum for software
> in your/bin directory (and others) against a "known-good" version. I
> was wondering if there was any reliable place where one could compare
> the result of the calculation on their own machine against a number that
> the repository has calculated (for example, some place like rpmfind)?
> Alternatively, how does one go about calculating the checksum for a
> particular binary from the rpm that generated it (and other binaries, I
> assume).
I'll assume that others on this list will come up with better ideas than I
have for doing this "after the fact". For future reference, you might
consider using Tripwire.
http://sourceforge.net/projects/tripwire
http://www.tripwire.org/
http://www.tripwire.com/
Hmmm, me wonders whether they've gone commercial?
Anyway, tripwire reports can be sorta brutal at times - too much redundant
data every day/week. But for peace of mind, it's tough to beat, I suppose.
jed
More information about the clue-tech
mailing list