Russell Enderby said:
> In pursuit of determining critical system files for modifications I was
> thinking the checksum prog 'sum' would be sufficient.  Understanding
> that time, date, and file size can be modified under the ext2fs/ufs
> directory table.  Is it possible to also make the 'sum' checksum appear
> to be correct?
>
> I was under the impression tripwire uses its own special checksum prog
> to verify files, although would 'sum' be sufficient as well?  If not
> does anyone know of better more thorough checksum app?

As Carric said, tripwire uses MD5.  That's much better than 'sum'.
The unix 'sum' program just computes a simple checksum based on XORing
every byte in the file.  A hacker could easily modify a file and have
it come up with the same checksum as the original.  The MD5 algorithm
is significantly different, and it is non-trivial (if I recall
correctly) to modify a file in such a way that it produces the same
MD5 signature.  That's the entire object of tripwire, to detect file
changes on compromised systems.  If you're worried about files being
changed on your systems, I'd recommend installing tripwire as your
first line of defense, and maybe a second system using a different
checksum algorithm if you're really paranoid.
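
An added example, not part of the original message: a minimal integrity baseline that records both a `sum`-style checksum and a cryptographic digest, then re-checks a changed file. It assumes the additive 16-bit algorithm of System V `sum` (GNU `sum -s`), uses SHA-256 in place of the MD5 mentioned in the reply, and runs on constructed file contents under a hypothetical path.

```python
import hashlib


def sysv_sum(data: bytes) -> int:
    """16-bit checksum as computed by System V `sum` (GNU `sum -s`)."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)      # fold the 32-bit byte total to 16 bits
    return (r & 0xFFFF) + (r >> 16)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_baseline(files: dict) -> dict:
    """Store both values for every file, as an integrity database would."""
    return {path: {"sum": sysv_sum(data), "sha256": sha256_hex(data)}
            for path, data in files.items()}


def verify(baseline: dict, files: dict) -> dict:
    """For each baselined path, report which check notices a difference."""
    report = {}
    for path, expected in baseline.items():
        data = files.get(path, b"")   # a missing file is compared as empty
        report[path] = {
            "sum_detects": sysv_sum(data) != expected["sum"],
            "sha256_detects": sha256_hex(data) != expected["sha256"],
        }
    return report


# Constructed sample contents; the path is hypothetical.
ORIGINAL = {"/etc/example.conf": b"max_sessions=19\nlog_level=info\n"}
# Same bytes with two digits transposed (19 -> 91): the byte total is
# unchanged, so an additive checksum cannot tell the two files apart.
MODIFIED = {"/etc/example.conf": b"max_sessions=91\nlog_level=info\n"}


def demo() -> dict:
    return verify(record_baseline(ORIGINAL), MODIFIED)


if __name__ == "__main__":
    for path, result in demo().items():
        print(path, result)
```

The baseline itself has to live somewhere the monitored host cannot rewrite, otherwise a changed file and a matching baseline entry can be replaced together.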

