Understood Jason, I basically wanted the MD5's of files that may have been changed if the machine had been root'ed (ls, ps, login, etc).

The machine had been set up and connected to the Internet with Apache 1.3.24 not patched against the chunked transfer encoding vulnerability. I reinstalled Linux on the machine and updated Apache to 2.0.40, but before doing so I thought I would take the opportunity to tinker around and see if I could find any evidence of a successful exploit. It's not a mission critical machine and is not connected to the internal network. I have to admit I was a little disappointed to find that everything seemed ok. :) But only a little disappointed..........

Jim Grossl
Systems Admin
Lee Pesky Learning Center
Boise, Idaho USA

-----Original Message-----
From: Jason Kohles [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 03, 2002 2:43 PM
To: Jim Grossl
Cc: [EMAIL PROTECTED]
Subject: RE: MD5 checksum's for Redhat 7.3 binaries?

Keep in mind that the checksums you received for the individual files are going to be mostly useless. For example, if you compare the checksum of /usr/lib/sendmail, do you have the sendmail provided by the sendmail package, or the compatibility one provided by postfix? In either case, which version of sendmail or postfix provided it? This is the reason that the MD5 sums for each file are included in the rpm, because if you don't have the sums that match the version of the rpm you have installed, they don't mean anything.

Jason Kohles [EMAIL PROTECTED]
Senior Engineer
Red Hat Professional Consulting
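
Added example, not part of the original thread: the per-package MD5 sums Jason describes are what `rpm -Va` compares against, so triage can start from its output instead of a generic checksum list. The sketch below parses that output and lists non-config files whose digest changed, could not be read, or which are missing; the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample of `rpm -Va` output (not taken from the thread).
# Older rpm prints 8 flag columns (SM5DLUGT); newer rpm adds a 9th (P).
SAMPLE = """\
S.5....T c /etc/httpd/conf/httpd.conf
.......T   /usr/share/doc/example/README
S.5....T   /bin/ls
..5.....   /bin/ps
missing    /bin/login
..?......  /usr/sbin/example
"""

# flags (or the word "missing"), optional file-type marker, absolute path
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
    r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

def parse_verify(text):
    """Turn `rpm -V` output into a list of dicts, one per reported file."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # dependency notes or other non-file lines
        flags = m.group("flags")
        if flags == "missing":
            digest = "missing"
        else:
            # Third column: "5" = digest differs, "?" = test not performed
            digest = {"5": "changed", "?": "unreadable"}.get(flags[2], "ok")
        findings.append({
            "path": m.group("path"),
            "config": m.group("attr") == "c",
            "digest": digest,
        })
    return findings

def needs_review(findings):
    """Paths of non-config files whose content cannot be confirmed intact."""
    return [f["path"] for f in findings
            if not f["config"] and f["digest"] != "ok"]

if __name__ == "__main__":
    for path in needs_review(parse_verify(SAMPLE)):
        print(path)
```

On a host that may be compromised, the installed `rpm` binary and its database are as suspect as `ls` or `ps`, so the output is only as trustworthy as the tool and package data it came from; verifying against package files from trusted media with `rpm -Vp` avoids relying on the local database.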