[SLL] Etch?
Glenn Stone
technoshaman at liawol.org
Mon Dec 4 12:36:13 PST 2006
On Mon, Dec 04, 2006 at 01:47:01PM -0600, Jeremy C. Reed wrote:
>Debian packages provide hashes which can be used to check what's been
>changed. For example do
>
>head /var/lib/dpkg/info/adduser.md5sums # so you can look
>
>cd /
>
>md5sum --check /var/lib/dpkg/info/adduser.md5sums
>
>
>You can loop through all of these. I think there is a debian tool to do
>same.
>
>(Yes, I know simple md5 hashs is not as complete as the rpm --verify.)
It's a lot better than a poke with a sharp stick... your average skript
kiddie is probably not going to come up with a sploit that matches the
md5sum.... I *suppose* one could also replace the info file... ultimately an
earlier poster is probably correct, that the real solution for either distro
is tripwire on write-once media... of course, depending on what you were
doing, you could potentially run some or all of your system off CD, or a
RAMDISK that read from CD... but then that requires physical access for
updating...
It all kinda depends on your level of paranoia.
-- Glenn
More information about the linux-list
mailing list