[vox-tech] Verify Ubuntu files

Brian Lavender brian at brie.com
Mon Aug 11 22:06:26 PDT 2008


I thoguht maybe with a live CD, that you could verify against a deb
package repository.

On Mon, Aug 11, 2008 at 05:59:00PM -0700, Rick Moen wrote:
> Quoting Brian Lavender (brian at brie.com):
> 
> > Is there a way to verify the integrity of binary files in an Ubuntu
> > system?
> 
> Boot a live CD, validate your IDS database from its cryptographic 
> signature, and check your system against the IDS records.  (This of
> course presupposes that you installed and configured a good IDS,
> well in advance.)
> 
> 
> > I just back from Defcon and I was wondering if I can inventory
> > installed packages to make sure they are still the same.
> 
> Consider:  1.  If you had such a tool installed _on_ a suspect system,
> you would not be able to trust it -- because of it being on a suspect
> system.  2.  If that tool kept its datafiles on the suspect system, you
> wouldn't be able to trust them, either.  (Same reason.)
> 
> Of possible related interest:  http://linuxgazette.net/issue98/moen.html
> 
> (Excerpt:  
>    That sort of false reassurance is the same one often encountered
>    among users of RPM-based systems reassured by the results of running
>    "rpm -Va" to "verify" the md5sum signatures of installed files:  The
>    values are "verified" against a simple Berkeley DB record in
>    /var/lib/rpm -- which of course a competent intruder will update to
>    match his changes.
> )Z
> _______________________________________________
> vox-tech mailing list
> vox-tech at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

-- 
Brian Lavender
http://www.brie.com/brian/


More information about the vox-tech mailing list