[vox-tech] Verify Ubuntu files
Rick Moen
rick at linuxmafia.com
Mon Aug 11 17:59:00 PDT 2008
Quoting Brian Lavender (brian at brie.com):

> Is there a way to verify the integrity of binary files in an Ubuntu
> system?

Boot a live CD, validate your IDS database from its cryptographic
signature, and check your system against the IDS records. (This of
course presupposes that you installed and configured a good IDS,
well in advance.)

> I just got back from Defcon and I was wondering if I can inventory
> installed packages to make sure they are still the same.

Consider: 1. If you had such a tool installed _on_ a suspect system,
you would not be able to trust it -- because of it being on a suspect
system. 2. If that tool kept its datafiles on the suspect system, you
wouldn't be able to trust them, either. (Same reason.)

Of possible related interest: http://linuxgazette.net/issue98/moen.html

(Excerpt:
That sort of false reassurance is the same one often encountered
among users of RPM-based systems reassured by the results of running
"rpm -Va" to "verify" the md5sum signatures of installed files: The
values are "verified" against a simple Berkeley DB record in
/var/lib/rpm -- which of course a competent intruder will update to
match his changes.
)
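
Added example, not part of the original message and not taken from any particular IDS: a minimal sketch of the check order described above, where the baseline database is authenticated before any file is compared against it. It assumes an HMAC with a key kept off the host as a standard-library stand-in for a real signature (with a public-key signature only the verification key would need to be on the live media); all function names, the key and the file contents are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_db(root):
    """Baseline taken while the system is known-good: relative path -> SHA-256."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = file_digest(full)
    return json.dumps(db, sort_keys=True).encode()

def sign_db(db_bytes, key):
    # Stand-in for a real signature; the key must never be stored on the host.
    return hmac.new(key, db_bytes, hashlib.sha256).hexdigest()

def check(root, db_bytes, tag, key):
    """Run from trusted media: authenticate the database first, then compare."""
    if not hmac.compare_digest(sign_db(db_bytes, key), tag):
        return "DATABASE TAMPERED", []
    baseline = json.loads(db_bytes)
    current = json.loads(build_db(root))
    changed = sorted(p for p in baseline.keys() | current.keys()
                     if baseline.get(p) != current.get(p))
    return ("MISMATCH" if changed else "OK"), changed

def demo():
    key = b"constructed-key-kept-off-host"  # constructed sample value
    with tempfile.TemporaryDirectory() as root:  # stands in for the mounted disk
        os.mkdir(os.path.join(root, "bin"))
        target = os.path.join(root, "bin", "ls")
        with open(target, "wb") as f:
            f.write(b"original binary")  # constructed sample content
        db = build_db(root)
        tag = sign_db(db, key)
        clean = check(root, db, tag, key)
        with open(target, "wb") as f:
            f.write(b"modified binary")
        modified = check(root, db, tag, key)
        # The on-host database is rewritten to match the changed file, which is
        # what defeats an unsigned record store such as /var/lib/rpm.
        rewritten = check(root, build_db(root), tag, key)
    return clean, modified, rewritten

if __name__ == "__main__":
    print(demo())
```

The third result is the case the excerpt is about: the rewritten database agrees with the changed file, so only the failed authentication of the database itself reveals the problem.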