Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
virustotal seems like a nice 'project' but its not, well, completely free/opensource.
Could we have a bootable iso that would check 'common' (not user compiled) binaries in given partition, create a list of sha256 or similar hashes, and upload it on some public server? there it could be compared with other users, and give us some 'evaluation' of security. just like virustotal but in more 'opensource' way?
something like 'cruft' for debian, but that would check hashsums.
There are no guarantees that repositories are 'clean' but it would help?
afaik any decent package manager checks for checksum.
gentoo has now some sort of checksum for the repros when you sync.
and gentoo has for ages checksum on patches and the stuff you download in the distfiles
I'd ditch outdated debian when they are not able to do basic tasks like software tree and download verifications. read what the guy who wrote xscreensaver wrote on his homepage about debian for example
This is just my opinion.
I tried Virus Total and after a very short time removed all traces of it.
I found it and the company to be very intrusive.
I still get emails from them after 6 months "begging" me to give them a second try.
thanks Habitual,
but that uses md5, also if someone managed to modify elf, he could do the same with local md5sum?
anyway, I've started collecting hashes myself:
It is intended to be installed and run for REAL TIME monitoring.
Just add it to your own bootable recovery media. They probably don't want to force a different distribution on you.
Are you just looking for excuses NOT to run a virus checker???
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.