Try using aide--it checks your filesystem (checksums, inodes, timestamps, lots more) to make sure that nothing's been tampered, and mails you a daily report. http://www.debian.org/Packages/unstable/admin/aide.html. It's good stuff, expecially on machines that are just sitting around with minimal input from you. It basically does all of what you did to check your system integrity, only on a larger scale.
--Mike Steve Juranich wrote: > On 28 Sep 2000, Olaf Meeuwissen wrote: > > > bash$ man debsums > > bash$ dpkg --search `which top` > > procps: /usr/bin/top > > bash$ debsums -s procps > > > > Any output could be a problem. Of course this assumes that the listed > > md5sums have not been tampered with. They are in /var/lib/dpkg/info. > > > > Okay, after poking around a good deal, here's the diagnosis: > > 1) Log files look okay, but that doesn't count for much. > 2) md5sums for all of those things like top, ls, etc all check out. > 3) No packages have .md5sums files in /var/lib/dpkg/info with modification > dates any later than my original istallation (which was Sunday). Are > script kiddies smart enough to modify this? > > If anybody did crack my box, it's not readily apparent that they did > anything harmful. Nevertheless, the only open ports I'm going to have from > here on out is ssh, and that will be configured to accept connections ONLY > from my box in my office. > > Thanks for the help. Any further suggestions are very welcome, since I'm > still very new to all of this security stuff. > > ---------------------------------------------------------------------- > Stephen W. Juranich [EMAIL PROTECTED] > Electrical Engineering http://students.washington.edu/sjuranic > University of Washington http://rcs.ee.washington.edu/ssli > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null -- Michael J. Smith [EMAIL PROTECTED] 2250 Patterson #25 Eugene, OR 97405 (541)346-7562