[vox-tech] Verify Ubuntu files
Brian Lavender
brian at brie.com
Mon Aug 11 22:06:26 PDT 2008
I thoguht maybe with a live CD, that you could verify against a deb
package repository.
On Mon, Aug 11, 2008 at 05:59:00PM -0700, Rick Moen wrote:
> Quoting Brian Lavender (brian at brie.com):
>
> > Is there a way to verify the integrity of binary files in an Ubuntu
> > system?
>
> Boot a live CD, validate your IDS database from its cryptographic
> signature, and check your system against the IDS records. (This of
> course presupposes that you installed and configured a good IDS,
> well in advance.)
>
>
> > I just back from Defcon and I was wondering if I can inventory
> > installed packages to make sure they are still the same.
>
> Consider: 1. If you had such a tool installed _on_ a suspect system,
> you would not be able to trust it -- because of it being on a suspect
> system. 2. If that tool kept its datafiles on the suspect system, you
> wouldn't be able to trust them, either. (Same reason.)
>
> Of possible related interest: http://linuxgazette.net/issue98/moen.html
>
> (Excerpt:
> That sort of false reassurance is the same one often encountered
> among users of RPM-based systems reassured by the results of running
> "rpm -Va" to "verify" the md5sum signatures of installed files: The
> values are "verified" against a simple Berkeley DB record in
> /var/lib/rpm -- which of course a competent intruder will update to
> match his changes.
> )Z
> _______________________________________________
> vox-tech mailing list
> vox-tech at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
--
Brian Lavender
http://www.brie.com/brian/
More information about the vox-tech
mailing list