Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
08-04-2007, 06:45 AM
|
#1
|
LQ Newbie
Registered: Aug 2007
Posts: 13
|
use apt-get to check for altered files?
Hello
I am not sure if certain executables have been altered on my server. Is there a way to get apt-get to validate (using MD5?) files to show which have been altered since package installation?
Thanks
Leapy
|
|
|
08-04-2007, 10:33 AM
|
#2
|
Member
Registered: Aug 2003
Location: UK
Distribution: (X)Ubuntu 10.04/10.10, Debian 5, CentOS 5
Posts: 900
|
Why do you want to do this? If you're concerned about someone hacking in and replacing system binaries with malicious ones, I suggest starting with chkrootkit and rkhunter. If you have reason to believe that someone has hacked in, you should disconnect it from the network, boot it from a live CD and run some rootkit checks from the CD, since a clever enough rootkit can also subvert rootkit checks on the installed system.
|
|
|
08-04-2007, 01:52 PM
|
#3
|
Senior Member
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 4,170
|
Quote:
Originally Posted by leapy
Hello
I am not sure if certain executables have been altered on my server. Is there a way to get apt-get to validate (using MD5?) files to show which have been altered since package installation?
Thanks
Leapy
|
Try debsums.
Code:
apt-cache show debsums
Package: debsums
Priority: optional
Section: admin
Installed-Size: 88
Maintainer: Brendan O'Dea <bod@debian.org>
Architecture: all
Version: 2.0.32
Depends: perl (>= 5.8.0-3), debconf (>= 0.5) | debconf-2.0
Filename: pool/main/d/debsums/debsums_2.0.32_all.deb
Size: 30868
MD5sum: dac5a673dca3cb787bfe0478857c58fa
SHA1: 7da1d063d7d417f7df3a2cf27df14f3e455ef2b8
SHA256: bd7347453a793561ea24829a4906cf6a073658d038947a2f9a45c874cd2defaa
Description: Verify installed package files against MD5 checksums.
debsums can verify the integrity of installed package files against
MD5 checksums installed by the package, or generated from a .deb
archive.
Tag: admin::package-management, role::program, security::integrity, suite::debian, works-with::software:package
|
|
|
08-05-2007, 07:51 AM
|
#4
|
LQ Newbie
Registered: Aug 2007
Posts: 13
Original Poster
|
Quote:
Originally Posted by HappyTux
Try debsums.
...
|
Happy - that's exactly what I needed.
Many thanks
Leapy
|
|
|
08-05-2007, 05:41 PM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
Correct me if I got this wrong, but I thought debsums ties in with apt as a post-invoke? Meaning that if you install it, it can only hash whatever comes next. (Meaning it's limited in what it can accomplish.) Another way would be to do an off-line install, then install, configure and run Aide or Samhain and then copy the config and database to read-only media.
|
|
|
All times are GMT -5. The time now is 11:31 AM.