Re: Missing debsums and mismatches

2005-06-24 Thread Fredrik "Demonen" Vold
> >>And finally:  Shouldn't packages like 'make' and 'sed' have checksums 
> >>generated?
> >Yes.  ;-)

Are they supposed to have sums?

Also, I should probably mention that this is a Sid system and it's so
far from prodcution I don't even have to spell it correctly.  I just
don't want it to become a spamsource.

I've investigated the changed stuff, and they can now all be put on
the "phew, nothing to worry about" list.  Another guy with legitimate
root access to the same box has been poking around without noting it
in our "I did this" log.
It'll be quick.  I've heard you never feel the shot when it's in the
back of the neck.  ;-)

The reinstall of the unsummed packages will commence once some more
stuff on actual production boxen is taken care of.

Don't be alarmed, I'm not The Primary Root on any production box, just
learning, testing, prodding and breaking. ;-)

Thank you for all your responses.

Oh, and Paul, thanks for the offer, but a homebrew daemon is already
in the works.
I need network monitoring ability of this behaviour as well.

-- 
Fredrik "Demonen" Vold
/*
- Do not meddle in the affairs of dragons, for you are crunchy and
good with ketchup.
*/



Re: Missing debsums and mismatches

2005-06-24 Thread Peer Janssen



> > ...
> > And finally:  Shouldn't packages like 'make' and 'sed' have checksums generated?
>
> Yes.  ;-)

This could be included in the famous automatic build and/or packaging 
system, couldn't it?


And/or there could be an automatic email warning to a developer 
uploading a package without the appropriate md5sum (or a false one).


Or so.

Peer


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Missing debsums and mismatches

2005-06-24 Thread Arthur de Jong



You could also do something like this to generate md5sums for packages 
that don't have them yet:

  cd /var/cache/apt/archives
  apt-get --download-only --reinstall install `debsums -l`
  debsums --generate=keep,nocheck *.deb
(redownload all deb packages that do not have md5sums and generate them)

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --






Re: Missing debsums and mismatches

2005-06-24 Thread Paul Gear
Fredrik "Demonen" Vold wrote:
> ...
> I've just installed debsums and ran it to see if there was any oddness.
> 
> Output of a silent run follows below the message.
> 
> My question is:
> Should I be alarmed about so many packages not having md5sums?

Should you be alarmed?  Yes.  Is it unusual?  No.  In my experience of
running sarge, there are a lot of packages like this.

There is a mitigation against this: install debsums early!  It includes
this in /etc/apt/apt.conf.d/90debsums:
DPkg::Post-Invoke { "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi"; };

This means that any packages you install subsequently will have their
debsums generated for them if they are missing.

> ...
> I'm sure all this is just paranoia, but maybe there should be a list
> of stuff that has no md5sum?

That would be an improvement from my perspective (i'm just a user of
Debian, not a developer).

> Maybe there is one, and I'm just ignorant to that fact?

Possibly - if you find out about one, please let me know!  :-)

> ...
> Could somebody please explain to me a situation where an MD5sum change
> is OK when I'm sure I haven't touched the file in question?

I haven't seen that happen on my systems (that i know of).

> ...
> And finally:  Shouldn't packages like 'make' and 'sed' have checksums 
> generated?

Yes.  ;-)

> 
> chkrootkit has nothing to report in quiet mode, but it has external
> dependencies (sed is one of them), so I'm not really trusting it right
> now.
> Of course, it does find some dotdirs, and it seems chkrootkit is even
> more paranoid about dotdirs than I am ;-)

I found that as well, so i decided to run chkrootkit through a tool that
does a diff every night in cron.  I do this with a script i created
called tracker.  You can get it by putting
deb http://apt.gear.dyndns.org/ binary/
in your /etc/apt/sources.list and running 'apt-get install tracker'.

I'd be interested in feedback on tracker if you try it.  Many of the
configuration files it uses are targeted at getting useful security
information without being overwhelmed.

-- 
Paul

--
Did you know?  Microsoft Internet Explorer and Outlook have a poor track
record for security .  Why not
try one of the more secure alternatives from ?
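
Paul's nightly-diff idea applied to debsums itself, as an added example that is not part of the thread and is not Paul's tracker script: it compares two saved `debsums -s` reports and prints the packages that had checksums in the earlier run but report none now, which is the removed-md5sums case the original poster raises. The function names and sample report lines are constructed for illustration; only the "no md5sums for" line format is taken from the output posted in this thread.

```shell
#!/bin/sh
# Added example: compare two saved `debsums -s` reports (e.g. from cron).
# Only the "debsums: no md5sums for <pkg>" format shown in this thread is
# parsed; every other report line is compared verbatim.

# Print the package names a saved report lists as lacking md5sums.
unsummed() {
    sed -n 's/^debsums: no md5sums for \(.*\)$/\1/p' "$1" | LC_ALL=C sort -u
}

# Packages that had checksums in the baseline ($1) but report none now ($2).
newly_unsummed() {
    old=$(mktemp) && new=$(mktemp) || return 2
    unsummed "$1" > "$old"
    unsummed "$2" > "$new"
    LC_ALL=C comm -13 "$old" "$new"   # lines present only in the new report
    rm -f "$old" "$new"
}

# Any other report line that is new since the baseline.
new_other_lines() {
    old=$(mktemp) && new=$(mktemp) || return 2
    grep -v '^debsums: no md5sums for ' "$1" | LC_ALL=C sort -u > "$old"
    grep -v '^debsums: no md5sums for ' "$2" | LC_ALL=C sort -u > "$new"
    LC_ALL=C comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Constructed sample reports: 'make' and 'sed' were already known to lack
# sums yesterday; 'gnupg' lacks them only today, so only it is reported.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'debsums: no md5sums for make' \
        'debsums: no md5sums for sed' > "$dir/yesterday"
    printf '%s\n' 'debsums: no md5sums for make' \
        'debsums: no md5sums for sed' \
        'debsums: no md5sums for gnupg' > "$dir/today"
    newly_unsummed "$dir/yesterday" "$dir/today"
    rm -rf "$dir"
}

demo
```

Both reports and the comparison live on the host being checked, so this inherits the same trust problem the thread notes for chkrootkit and its dependency on sed.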




Missing debsums and mismatches

2005-06-24 Thread Fredrik "Demonen" Vold
Greetings.
I've just installed debsums and ran it to see if there was any oddness.

Output of a silent run follows below the message.

My question is:
Should I be alarmed about so many packages not having md5sums?

I'm sure the first thing I'd do if I were to breach a Debian system
and replace binaries would be to get rid of the md5sum file for the
relevant package, but then again, why would I replace binaries like
tkmixer?
I'm sure all this is just paranoia, but maybe there should be a list
of stuff that has no md5sum?
Maybe there is one, and I'm just ignorant to that fact?

Also, I had a lot of mismatches, but that's because I've modified some
files, but I've left in the log the ones that I can't account for the
change in checksum for.
These are left for the very end.
Could somebody please explain to me a situation where an MD5sum change
is OK when I'm sure I haven't touched the file in question?

And finally:  Shouldn't packages like 'make' and 'sed' have checksums generated?

chkrootkit has nothing to report in quiet mode, but it has external
dependencies (sed is one of them), so I'm not really trusting it right
now.
Of course, it does find some dotdirs, and it seems chkrootkit is even
more paranoid about dotdirs than I am ;-)

I have no reason to think there has been an intrusion, so this is just
paranoia and willingness to learn talking.

Any comments and answers are very welcome.
Thank you for your time.

-- 
Fredrik "Demonen" Vold
/*
- Do not meddle in the affairs of dragons, for you are crunchy and
good with ketchup.
*/


--DEBSUMS MISSING--
debsums: no md5sums for at
debsums: no md5sums for autoconf2.13
debsums: no md5sums for base-files
debsums: no md5sums for bc
debsums: no md5sums for bin86
debsums: no md5sums for binutils
debsums: no md5sums for bitdefender-console-antivirus
debsums: no md5sums for bsdutils
debsums: no md5sums for bzip2
debsums: no md5sums for c2man
debsums: no md5sums for cflow
debsums: no md5sums for console-data
debsums: no md5sums for cpio
debsums: no md5sums for db4.2-util
debsums: no md5sums for debian-policy
debsums: no md5sums for debianutils
debsums: no md5sums for dict
debsums: no md5sums for doc-base
debsums: no md5sums for doc-debian
debsums: no md5sums for dosfstools
debsums: no md5sums for dpkg
debsums: no md5sums for dpkg-dev
debsums: no md5sums for dselect
debsums: no md5sums for emacs20
debsums: no md5sums for emacsen-common
debsums: no md5sums for fftw2
debsums: no md5sums for filelight
debsums: no md5sums for flex
debsums: no md5sums for g++
debsums: no md5sums for g77
debsums: no md5sums for gawk
debsums: no md5sums for gnupg
debsums: no md5sums for gnupg-doc
debsums: no md5sums for initscripts
debsums: no md5sums for iproute
debsums: no md5sums for libaudio-dev
debsums: no md5sums for libaudio2
debsums: no md5sums for libbz2
debsums: no md5sums for libbz2-1.0
debsums: no md5sums for libcrypt-blowfish-perl
debsums: no md5sums for libcupsys2
debsums: no md5sums for libdb4.1
debsums: no md5sums for libdb4.2
debsums: no md5sums for libelfg0
debsums: no md5sums for libgdbm-dev
debsums: no md5sums for libgdbm3
debsums: no md5sums for libgdbmg1
debsums: no md5sums for libgmp2
debsums: no md5sums for libgsm1
debsums: no md5sums for libident
debsums: no md5sums for liblockfile1
debsums: no md5sums for libncurses5
debsums: no md5sums for libncurses5-dev
debsums: no md5sums for libncursesw5
debsums: no md5sums for libnewt0
debsums: no md5sums for libpaperg
debsums: no md5sums for libpng2
debsums: no md5sums for libpng2-dev
debsums: no md5sums for libpng3
debsums: no md5sums for libreadline4
debsums: no md5sums for liwc
debsums: no md5sums for lockfile-progs
debsums: no md5sums for ltrace
debsums: no md5sums for lynx
debsums: no md5sums for mailagent
debsums: no md5sums for make
debsums: no md5sums for mawk
debsums: no md5sums for mime-support
debsums: no md5sums for modconf
debsums: no md5sums for module-init-tools
debsums: no md5sums for modutils
debsums: no md5sums for mount
debsums: no md5sums for mpack
debsums: no md5sums for mpg123
debsums: no md5sums for mutt
debsums: no md5sums for ncurses-base
debsums: no md5sums for ncurses-bin
debsums: no md5sums for ncurses-term
debsums: no md5sums for netbase
debsums: no md5sums for netcdfg3
debsums: no md5sums for perlbox-voice
debsums: no md5sums for php4
debsums: no md5sums for python-kjbuckets
debsums: no md5sums for qjoypad
debsums: no md5sums for rcs
debsums: no md5sums for rxvt
debsums: no md5sums for sced
debsums: no md5sums for screem
debsums: no md5sums for sed
debsums: no md5sums for slatec
debsums: no md5sums for speak-freely
debsums: no md5sums for spider
debsums: no md5sums for strace
debsums: no md5sums for svgalibg1
debsums: no md5sums for syslinux
debsums: no md5sums for sysv-rc
debsums: no md5sums for sysvinit
debsums: no md5sums for tina
debsums: no md5sums for tkmixer
debsums: no md5sums for ucf
debsums: no md5sums for update
debsums: no md5sums for util-linux
debsums: no md5sums for util-linux-locales