Re: [suse-security] netstat-output
To verify an installed package against a RPM, use:
rpm -Vp packagename.rpm
This of course is trivial for an attacker to circumvent, the RPM database is not really protected at all.
That's why it may be an excellent idea to back up the rpm data base on floppy...
Ok that's a little better but still an attacker can beat it (replace the rpm binary for example).
... together with the rpm binary (which is statically linked as well for other reasons).
While you're at it, storing md5 sums of at least all the files shown by rpm -qal and all files in /etc is a very good idea too.
Volker
This of course is trivial for an attacker to circumvent, the RPM database is not really protected at all.
That's why it may be an excellent idea to back up the rpm data base on floppy...
*grin*
/var/lib/rpm:
total 60752
drwxr-xr-x 2 root root 4096 Nov 22 23:50 .
drwxr-xr-x 35 root root 4096 Dec 7 00:04 ..
-rw-r--r-- 1 root root 16384 Dec 7 02:00 conflictsindex.rpm
-rw-r--r-- 1 root root 12976128 Dec 7 02:00 fileindex.rpm
-rw-r--r-- 1 root root 32768 Dec 7 02:00 groupindex.rpm
-rw-r--r-- 1 root root 49152 Dec 7 02:00 nameindex.rpm
-rw-r--r-- 1 root root 29051784 Dec 7 02:00 packages.rpm
-rw-r--r-- 1 root root 86016 Dec 7 02:00 providesindex.rpm
-rw-r--r-- 1 root root 19890176 Dec 7 02:00 requiredby.rpm
-rw-r--r-- 1 root root 16384 Dec 7 02:00 triggerindex.rpm
rpm -qa|wc -l
1205
Hint: `rpm --rebuilddb´ reduces the size drastically, sometimes...
... together with the rpm binary (which is statically linked as well for other reasons).
While you're at it, storing md5 sums of at least all the files shown by rpm -qal and all files in /etc is a very good idea too.
Volker
Thanks,
Roman.
--
- -
| Roman Drahtmüller
I keep a database of all my files' md5sums and anytime I download anything I can check it against that db. Keeps me from accidentally duplicating files. Useful when you have 100+ gigs of files. Is there any easy way to trick someone by making a replaced file have the same md5 sum by adding in useless bits at the end or something? Just curious if tripwire or similar programs somehow check for something like that.
*^*^*^* Have the courage to take your own thoughts seriously, for they will shape you. -- Albert Einstein
On Wed, 6 Dec 2000, Volker Kuhlmann wrote:
To verify an installed package against a RPM, use:
rpm -Vp packagename.rpm
This of course is trivial for an attacker to circumvent, the RPM database is not really protected at all.
That's why it may be an excellent idea to back up the rpm data base on floppy...
Ok that's a little better but still an attacker can beat it (replace the rpm binary for example).
... together with the rpm binary (which is statically linked as well for other reasons).
While you're at it, storing md5 sums of at least all the files shown by rpm -qal and all files in /etc is a very good idea too.
Volker
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
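Added example, not part of any message in this thread: one way to keep the checksum list Volker suggests (the files from rpm -qal plus /etc) and compare it later, reporting changed, added and missing files. It substitutes sha256sum for md5sum; the function names and the /mnt/floppy path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.
# Assumed use, with /mnt/floppy as a placeholder for write-protectable media:
#   { rpm -qal; find /etc -xdev -type f; } | sort -u | snapshot > /mnt/floppy/baseline
#   { rpm -qal; find /etc -xdev -type f; } | sort -u | verify /mnt/floppy/baseline

# snapshot: read file paths on stdin, print "hash  path" for each regular file.
# Lines that are not files (e.g. rpm's "(contains no files)") are skipped.
snapshot() {
    while IFS= read -r f; do
        if [ -f "$f" ]; then
            sha256sum -- "$f"
        fi
    done
}

# compare BASELINE CURRENT: print CHANGED, ADDED and MISSING paths.
# Returns 0 when both lists agree, 1 otherwise.
compare() {
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }  # 64 hex digits, 2 separators, path
        FILENAME == ARGV[1] { old[p] = h; next }       # first file is the stored baseline
        !(p in old)         { print "ADDED " p; bad = 1; next }
                            { seen[p] = 1 }
        old[p] != h         { print "CHANGED " p; bad = 1 }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}

# verify BASELINE: re-hash the paths given on stdin and compare with BASELINE.
verify() {
    _cur=$(mktemp) || return 2
    snapshot > "$_cur"
    _rc=0
    compare "$1" "$_cur" || _rc=$?
    rm -f "$_cur"
    return "$_rc"
}
```

As the thread points out for the rpm binary, the result can only be trusted if sh, sha256sum and awk are themselves run from the read-only media rather than from the system being checked.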
I keep a database of all my files' md5sums and anytime I download anything I can check it against that db. Keeps me from accidentally duplicating files. Useful when you have 100+ gigs of files. Is there any easy way to trick someone by making a replaced file have the same md5 sum by adding in useless bits at the end or something? Just curious if tripwire or similar programs somehow check for something like that.
*^*^*^* Have the courage to take your own thoughts seriously, for they will shape you. -- Albert Einstein
On Wed, 6 Dec 2000, Volker Kuhlmann wrote:
To verify an installed package against a RPM, use:
rpm -Vp packagename.rpm
This of course is trivial for an attacker to circumvent, the RPM database is not really protected at all.
That's why it may be an excellent idea to back up the rpm data base on floppy...
Ok that's a little better but still an attacker can beat it (replace
In theory MD5 can be tricked, it's unlikely (but theoretically possible)
so most people that need a secure hash algorithm use SHA1 (guess what it
stands for =).
Kurt Seifried, seifried@securityportal.com
SecurityPortal - your focal point for security on the 'net
----- Original Message -----
From: "Michael"
binary for example).
... together with the rpm binary (which is statically linked as well for other reasons).
While you're at it, storing md5 sums of at least all the files shown by rpm -qal and all files in /etc is a very good idea too.
Volker
participants (4)
- Kurt Seifried
- Michael
- Roman Drahtmueller
- Volker Kuhlmann