l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 24: LUGOD election season has begun!
Page last updated:
2008 Aug 11 22:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Verify Ubuntu files
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Verify Ubuntu files



Quoting Brian Lavender (brian@brie.com):

> Is there a way to verify the integrity of binary files in an Ubuntu
> system?

Boot a live CD, validate your IDS database from its cryptographic 
signature, and check your system against the IDS records.  (This of
course presupposes that you installed and configured a good IDS,
well in advance.)


> I just back from Defcon and I was wondering if I can inventory
> installed packages to make sure they are still the same.

Consider:  1.  If you had such a tool installed _on_ a suspect system,
you would not be able to trust it -- because of it being on a suspect
system.  2.  If that tool kept its datafiles on the suspect system, you
wouldn't be able to trust them, either.  (Same reason.)

Of possible related interest:  http://linuxgazette.net/issue98/moen.html

(Excerpt:  
   That sort of false reassurance is the same one often encountered
   among users of RPM-based systems reassured by the results of running
   "rpm -Va" to "verify" the md5sum signatures of installed files:  The
   values are "verified" against a simple Berkeley DB record in
   /var/lib/rpm -- which of course a competent intruder will update to
   match his changes.
)Z
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!