[SLL] Etch?
Jeremy C. Reed
reed at reedmedia.net
Mon Dec 4 11:47:01 PST 2006
> On 12/4/06, Glenn Stone <technoshaman at liawol.org> wrote:
> > rpm -qa | xargs rpm --verify
> >
> > and get an idea of your system's integrity... pre-Etch, I would not attempt
> > to simply reconstruct a compromised Debian system because there's no way to
> > really analyze what's been changed.
>
> Well, there's always tripwire.
Debian packages provide hashes which can be used to check what's been
changed. For example do
head /var/lib/dpkg/info/adduser.md5sums # so you can look
cd /
md5sum --check /var/lib/dpkg/info/adduser.md5sums
You can loop through all of these. I think there is a debian tool to do
same.
(Yes, I know simple md5 hashs is not as complete as the rpm --verify.)
More information about the linux-list
mailing list