[vox-tech] possible rooted system / checking md5sum on debian

Peter Jay Salzman vox-tech@lists.lugod.org
Sun, 6 Oct 2002 10:49:02 -0700


hi mike,

yah, i'm using integrit, but i really need to pare down what gets
checked; the reports are next to useless since there's no way in hell
i'm going to read the whole thing.

currently, i scan the output for binaries and wierd stuff like "..." or
".pfloyd".  but often, the output is just so long that it's a token
scan.  not a concerted look.

just need to find some time to spend with my integrit config files.

actually, if anyone has played around with integrit, and has some
custom config files, i wouldn't mind taking a look at what you have.

btw, integrit is an open source version of tripwire.

but as you point out, it prolly doesn't do me much good at this point.
i have no idea when their breakin happened.  only when it was
discovered.  :-(

pete




begin dugan@passwall.com <dugan@passwall.com> 
> Not a direct answer to your Q, but related.
> 
> After installation of packages, AIDE or tripwire can help to check for
> file mods with md5 This does nothing for checking the package before you
> install it though. :-(
> 
> I dont know of a system to check for MD5 sums of all debain packages and
> verify. There have been discussions about how to have cert signing of
> packages, but who would be a central authority to sign packages? GPG
> might allow for a decentralized, distributed signing system, but it has
> drawbacks too. :-(
> 
> In some ways, MD5 is not as secure as gpg signed packages, but imagine
> the keyring!
> 
> Sorry I dont have an answer for you, but I would like to see what other
> people say.
> 
> -ME