On Wed, 13 Feb 2002, Seth Arnold wrote:

> If this is for one of your own machines, wouldn't it be far simpler to
> replace rpm's --verify handler with a function that always returns
> "this package looks fine" ?

no, it wouldn't. i used to think this, too. however, even on your unhacked redhat boxes that you use a few MD5 sums come up missing, cuz they're volatile or config files. ie sendmail.cf. an attacker would notice that NOTHING gets noticed and hence would become suspicious.

<laughs> ok, smart attackers, you know, that rumored kind. </seen too many script kiddies>

i whipped up a small tool to do this, modify an RPM database. just peruse the RPM API and make a small app to do it. pretty simple to do, really. alternatively, use a LRK4 style config file to tell rpm what files to ignore for various items (ie MD5 sums).

____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
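
The observation in the message above, that a normal `rpm -Va` report always carries some noise from config files, can be turned into a triage check. This is an added example, not code from the post or from rpm; the sample report is constructed and the four verdict levels are assumptions chosen for illustration.

```python
import re

# One line of `rpm -V` output: attribute flags (or "missing"), an optional
# file-type marker (c = config file), then the path.
LINE = re.compile(
    r"^(?P<flags>missing|[A-Za-z0-9.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

def triage(report):
    """Return (level, path, reason) tuples for an `rpm -Va` report."""
    entries = [m.groupdict() for m in
               (LINE.match(l.strip()) for l in report.splitlines()) if m]
    if not entries:
        # A live system normally shows edited config files; silence is odd.
        return [("suspicious", "<report>", "no deviations reported at all")]
    findings = []
    for e in entries:
        is_config = e["kind"] == "c"
        missing = e["flags"] == "missing"
        # Third flag character is "5" when the file digest differs.
        digest_changed = not missing and e["flags"][2] == "5"
        if missing and not is_config:
            findings.append(("alert", e["path"], "packaged file is missing"))
        elif digest_changed and not is_config:
            findings.append(("alert", e["path"], "digest mismatch on non-config file"))
        elif digest_changed or missing:
            findings.append(("expected", e["path"], "config file changed or removed"))
        else:
            findings.append(("review", e["path"], "metadata-only change"))
    return findings

# Constructed sample report, not taken from a real host.
SAMPLE = """\
S.5....T.  c /etc/sendmail.cf
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
S.5....T.    /bin/ls
missing      /usr/bin/top
"""

if __name__ == "__main__":
    for level, path, reason in triage(SAMPLE):
        print(f"{level:10} {path:32} {reason}")
```

The verdicts are only as trustworthy as the RPM database the report was generated from, so the report should come from a known-good copy of the database kept off the host.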