l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2008 Aug 12 01:32

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Verify Ubuntu files
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Verify Ubuntu files

I thoguht maybe with a live CD, that you could verify against a deb
package repository.

On Mon, Aug 11, 2008 at 05:59:00PM -0700, Rick Moen wrote:
> Quoting Brian Lavender (brian@brie.com):
> > Is there a way to verify the integrity of binary files in an Ubuntu
> > system?
> Boot a live CD, validate your IDS database from its cryptographic 
> signature, and check your system against the IDS records.  (This of
> course presupposes that you installed and configured a good IDS,
> well in advance.)
> > I just back from Defcon and I was wondering if I can inventory
> > installed packages to make sure they are still the same.
> Consider:  1.  If you had such a tool installed _on_ a suspect system,
> you would not be able to trust it -- because of it being on a suspect
> system.  2.  If that tool kept its datafiles on the suspect system, you
> wouldn't be able to trust them, either.  (Same reason.)
> Of possible related interest:  http://linuxgazette.net/issue98/moen.html
> (Excerpt:  
>    That sort of false reassurance is the same one often encountered
>    among users of RPM-based systems reassured by the results of running
>    "rpm -Va" to "verify" the md5sum signatures of installed files:  The
>    values are "verified" against a simple Berkeley DB record in
>    /var/lib/rpm -- which of course a competent intruder will update to
>    match his changes.
> )Z
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

Brian Lavender
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.