LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-04-2007, 06:45 AM   #1
leapy
LQ Newbie
 
Registered: Aug 2007
Posts: 13

Rep: Reputation: 0
use apt-get to check for altered files?


Hello

I am not sure if certain executables have been altered on my server. Is there a way to get apt-get to validate (using MD5?) files to show which have been altered since package installation?

Thanks

Leapy
 
Old 08-04-2007, 10:33 AM   #2
Gethyn
Member
 
Registered: Aug 2003
Location: UK
Distribution: (X)Ubuntu 10.04/10.10, Debian 5, CentOS 5
Posts: 900

Rep: Reputation: 32
Why do you want to do this? If you're concerned about someone hacking in and replacing system binaries with malicious ones, I suggest starting with chkrootkit and rkhunter. If you have reason to believe that someone has hacked in, you should disconnect it from the network, boot it from a live CD and run some rootkit checks from the CD, since a clever enough rootkit can also subvert rootkit checks on the installed system.
 
Old 08-04-2007, 01:52 PM   #3
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 4,170

Rep: Reputation: 244Reputation: 244Reputation: 244
Quote:
Originally Posted by leapy
Hello

I am not sure if certain executables have been altered on my server. Is there a way to get apt-get to validate (using MD5?) files to show which have been altered since package installation?

Thanks

Leapy
Try debsums.

Code:
apt-cache show debsums
Package: debsums
Priority: optional
Section: admin
Installed-Size: 88
Maintainer: Brendan O'Dea <bod@debian.org>
Architecture: all
Version: 2.0.32
Depends: perl (>= 5.8.0-3), debconf (>= 0.5) | debconf-2.0
Filename: pool/main/d/debsums/debsums_2.0.32_all.deb
Size: 30868
MD5sum: dac5a673dca3cb787bfe0478857c58fa
SHA1: 7da1d063d7d417f7df3a2cf27df14f3e455ef2b8
SHA256: bd7347453a793561ea24829a4906cf6a073658d038947a2f9a45c874cd2defaa
Description: Verify installed package files against MD5 checksums.
 debsums can verify the integrity of installed package files against
 MD5 checksums installed by the package, or generated from a .deb
 archive.
Tag: admin::package-management, role::program, security::integrity, suite::debian, works-with::software:package
 
Old 08-05-2007, 07:51 AM   #4
leapy
LQ Newbie
 
Registered: Aug 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by HappyTux
Try debsums.

...
Happy - that's exactly what I needed.

Many thanks

Leapy
 
Old 08-05-2007, 05:41 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Correct me if I got this wrong but I thought debsums ties in with apt as a post-invoke? Meaning that if you install it can only hash whatever comes next. (Meaning it's limited in what it can accomplish) Another way would be to do an off-line install, then install, configure and run Aide or Samhain and then copy the config and database to readonly media.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
apt-cache version check allelopath Linux - Software 3 04-12-2005 11:40 AM
Gnome altered permissions in /dev Ovalteen Linux - Software 3 03-23-2005 05:38 AM
XF86Config-4 altered after reboot (no glx) Cyrus XIII Mandriva 2 12-02-2004 03:46 AM
Find all system files altered or added by me suguru Linux - Newbie 3 09-19-2004 01:18 PM
anyone have an un-altered smb.conf file? Zaius Linux - Newbie 3 01-13-2004 12:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration