LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-07-2009, 07:05 AM   #1
sumeetn
LQ Newbie
 
Registered: Jul 2009
Distribution: Redhat Linux
Posts: 2

Rep: Reputation: 0
Difference in MD5 Checksum - RPM Vs MD5SUM


Hi,

The MD5 checsum stored in the RPM Databse differs from the checksum calculated by the md5sum utility program. For example, i tried comparing the MD5 checksum value for "/usr/bin/find" in the RPM database with the checksum calculated by the MD5SUM command.

# md5sum /usr/bin/find
2d71bc2313ca11d673946e03dcc90fbd /usr/bin/find



# rpm -qf /usr/bin/find
findutils-4.1.20-7.el4.1

# rpm -q --dump findutils-4.1.20-7.el4.1
/usr/bin/find 49168 1144278767 8fd33efba96b7ee0318a22bd14abdfab 0100755 root root 0 0 0 X
/usr/bin/xargs 11988 1144278767 64bf50fec10d9121020c9a3439c6c7b5 0100755 root root 0 0 0 X
/usr/share/doc/findutils-4.1.20 4096 1144278767 00000000000000000000000000000000 040755 root root 0 0 0 X
....

Does this indicate that my PC has been compromised? I was assuming that the checksum should match. I have a Redhat linux Enterprise Edition 4.0 on a Intel PC

- Sumeet Nigam
 
Old 07-07-2009, 07:09 AM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

It's probably because you've got 'prelink' running through cron - it modifies binaries as it runs.

Try 'rpm -V findutils' instead. The rpm verify de-prelinks binaries before it checks them, then re-prelinks them after.

Dave
 
Old 07-07-2009, 08:08 AM   #3
sumeetn
LQ Newbie
 
Registered: Jul 2009
Distribution: Redhat Linux
Posts: 2

Original Poster
Rep: Reputation: 0
You are right !!!

Quote:
Originally Posted by ilikejam View Post
Hi.

It's probably because you've got 'prelink' running through cron - it modifies binaries as it runs.

Try 'rpm -V findutils' instead. The rpm verify de-prelinks binaries before it checks them, then re-prelinks them after.

Dave
Hi Dave,

Thanks for your inputs. Indeed prelink was modifying the binary. I have used the command:

prelink -u /usr/bin/find

and calculated the MD5 check sum. It matched with RPM output.

Thanks,
Sumeet Nigam
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
md5 checksum manz00r Slackware 14 06-30-2008 09:47 AM
Is MD5 Checksum enough? tededlin Linux - Newbie 2 08-02-2006 11:27 PM
md5 checksum aruna Rawat Fedora - Installation 2 06-03-2005 10:59 AM
MD5 Checksum hitest Mandriva 7 05-21-2005 06:06 PM
MD5 Checksum codedv Linux - Distributions 5 12-07-2003 08:28 AM


All times are GMT -5. The time now is 01:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration