I thoguht maybe with a live CD, that you could verify against a deb package repository.
On Mon, Aug 11, 2008 at 05:59:00PM -0700, Rick Moen wrote: > Quoting Brian Lavender ([EMAIL PROTECTED]): > > > Is there a way to verify the integrity of binary files in an Ubuntu > > system? > > Boot a live CD, validate your IDS database from its cryptographic > signature, and check your system against the IDS records. (This of > course presupposes that you installed and configured a good IDS, > well in advance.) > > > > I just back from Defcon and I was wondering if I can inventory > > installed packages to make sure they are still the same. > > Consider: 1. If you had such a tool installed _on_ a suspect system, > you would not be able to trust it -- because of it being on a suspect > system. 2. If that tool kept its datafiles on the suspect system, you > wouldn't be able to trust them, either. (Same reason.) > > Of possible related interest: http://linuxgazette.net/issue98/moen.html > > (Excerpt: > That sort of false reassurance is the same one often encountered > among users of RPM-based systems reassured by the results of running > "rpm -Va" to "verify" the md5sum signatures of installed files: The > values are "verified" against a simple Berkeley DB record in > /var/lib/rpm -- which of course a competent intruder will update to > match his changes. > )Z > _______________________________________________ > vox-tech mailing list > vox-tech@lists.lugod.org > http://lists.lugod.org/mailman/listinfo/vox-tech -- Brian Lavender http://www.brie.com/brian/ _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech