>Shortly after switching from BSD/OS to Red Hat 5.0 our site was compromised
>using the recently discovered hole in named. Our attempts at recovery were
>hampered by our inability to easily determine which executables had been
>replaced. On other versions of Linux that I've used, the CD always came
>with a live filesystem, which makes it fairly easy to compare checksums
>between executables on the hard drive and the CD. Unfortunately, RH 5.0's
>CD doesn't have enough free space to add a filesystem. (Maybe in an
>upcoming release it should be split into two CDs.)
>
>We eventually did a complete install from the CD, but even that left me with
>a bit of an uneasy feeling, because of course the timestamps on the files
are
>the same, and I still couldn't easily compare checksums between the writable
>and read-only media.
>
>Is there some way to do one of the following with RPMs:
>
> * extract files one by one from an RPM and feed them to something like
> md5sum?
>
> * get rpm to compute md5 checksums on each of the files in the archive?
>
> * extract an rpm into a specified directory (perhaps chroot would help)?
>
>Any of these capabilities would give me enough leverage to build the tools I
>need.
>
>Thanks,
>
>
It would be much easyer to use RPM to check the installed files directly.
Try "rpm -q -a | less" and it will list all the packages that are
installed, along
with any errors it finds. (man rpm will give a list of the error codes, as
well as
the many other options available.
Mikkel
---
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
