"Carlos E. R." <robin.listas@telefonica.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2013-01-04 a las 09:20 +0200, ellanios82 escribió:
- excuse my lack of knowledge . . . can you please give an example of how to use and compare MD5 sums for the purpose of rootkit forensics ??
There is a technique by which you record signatures of files at a time when you know they are correct, and later you compare them to see there
was no modification. Used properly it is very reliable.
- -- Cheers
(Carlos, can you change that to just "-- " before cheers. That's the standard that signifies start of signature. K9 at a minimum will cutoff signatures on replies if they have dash dash space on the line at the top of the signature.) What Carlos describes is an auditing feature. There is a recommended auditing tool in the security repo, but I don't recall the name. I haven't used it. Tripwire used to be the recommended tool, but no longer is. Google "opensuse tripwire" and you can probably find a sentence naming the new tool. Greg -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org