Hi! Where does the seccheck script store the md5 sums? -- CU, Christoph
On Monday 25 February 2002 12:53, Christoph Egger wrote:
Hi!
Where does the seccheck script store the md5 sums?
In /var/lib/rpm/*.rpm It uses rpm -Va to check the md5 values from /usr/lib/secchk/security-weekly.sh # md5 check nice -n 1 rpm -Va 2> /dev/null | grep '^..5' > "$SEC_DATA/rpm-md5.new" diff -uw "$SEC_DATA/rpm-md5" "$SEC_DATA/rpm-md5.new" | \ egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$OUT" if [ -s "$OUT" ] ; then printf "\nThe following programs have got a different md5 checksum since last week:\n" cat "$OUT" mv "$SEC_DATA/rpm-md5.new" "$SEC_DATA/rpm-md5" regards Anders
On Monday, 25. February 2002 14:34, andjoh@cicada.linux-site.net wrote:
Ah! I see. TNX. But why tells me /usr/lib/secchk/security-monthly.sh that files has changed, although I just rerunned all security-daily/weekly/monthly scripts for testing purpose? Note, this SuSE 7.3 box is fresh installed. Snip of the generated mail of the montly script: ---------------------------------------------------------- Complete list of all changed installed packages: S.5....T c /etc/pam.d/sshd S.5....T c /etc/ssh/ssh_config SM5....T c /etc/ssh/sshd_config S.5....T c /etc/hosts SM5....T c /etc/hosts.allow SM5....T c /etc/hosts.deny SM5....T c /etc/inetd.conf S.5....T c /etc/services S.5....T c /etc/securetty S.5....T c /etc/syslog.conf S.5....T /boot/message S.5....T c /etc/aliases S.5....T c /etc/mail/relay-domains S.5....T c /etc/mail/virtusertable S.5....T c /etc/sendmail.cf S.5....T c /var/log/sendmail.st S.5....T c /etc/init.d/SuSEfirewall2_final S.5....T c /etc/init.d/SuSEfirewall2_init S.5....T c /etc/init.d/SuSEfirewall2_setup SM5....T c /etc/rc.config.d/firewall2.rc.config [...] ---------------------------------------------------------- -- CU, Christoph
On Monday 25 February 2002 12:53, Christoph Egger wrote:
Hi!
Where does the seccheck script store the md5 sums?
In /var/lib/rpm/*.rpm It uses rpm -Va to check the md5 values from /usr/lib/secchk/security-weekly.sh # md5 check nice -n 1 rpm -Va 2> /dev/null | grep '^..5' > "$SEC_DATA/rpm-md5.new" diff -uw "$SEC_DATA/rpm-md5" "$SEC_DATA/rpm-md5.new" | \ egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$OUT" if [ -s "$OUT" ] ; then printf "\nThe following programs have got a different md5 checksum since last week:\n" cat "$OUT" mv "$SEC_DATA/rpm-md5.new" "$SEC_DATA/rpm-md5" regards Anders
On Monday, 25. February 2002 14:34, andjoh@cicada.linux-site.net wrote:
Ah! I see. TNX. But why tells me /usr/lib/secchk/security-monthly.sh that files has changed, although I just rerunned all security-daily/weekly/monthly scripts for testing purpose? Note, this SuSE 7.3 box is fresh installed. Snip of the generated mail of the montly script: ---------------------------------------------------------- Complete list of all changed installed packages: S.5....T c /etc/pam.d/sshd S.5....T c /etc/ssh/ssh_config SM5....T c /etc/ssh/sshd_config S.5....T c /etc/hosts SM5....T c /etc/hosts.allow SM5....T c /etc/hosts.deny SM5....T c /etc/inetd.conf S.5....T c /etc/services S.5....T c /etc/securetty S.5....T c /etc/syslog.conf S.5....T /boot/message S.5....T c /etc/aliases S.5....T c /etc/mail/relay-domains S.5....T c /etc/mail/virtusertable S.5....T c /etc/sendmail.cf S.5....T c /var/log/sendmail.st S.5....T c /etc/init.d/SuSEfirewall2_final S.5....T c /etc/init.d/SuSEfirewall2_init S.5....T c /etc/init.d/SuSEfirewall2_setup SM5....T c /etc/rc.config.d/firewall2.rc.config [...] ---------------------------------------------------------- -- CU, Christoph
participants (2)
-
Anders Johansson
-
Christoph Egger