Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] netstat-output
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Tue, 5 Dec 2000 13:06:15 -0700
  • Message-id: <009601c05ef6$d77049c0$ca00030a@xxxxxxxxxxxx>
> The message just indicates that netstat can't determine the name of the
> process - you are probably fine.
>
> Try cross checking the output of
> "ps axfu" as root
> with the output of
> "netstat -ap", also as root

Or just run lsof and look for the connections =).

> netstat will (or should) give you the PIDs even when it can't identify the
> process by name. "ps axfu" will give you a list of running processes
> (by name and PID). You can then check the PIDs that netstat can't
> identify with the list that ps prints out.
>
> To verify an installed package against a RPM, use:
>
> rpm -Vp packagename.rpm

This of course is trivial for an attacker to circumvent, the RPM database is
not really protected at all.

> execute this from the directory the rpm package is in (i.e. from
> /cdrom/suse/a1 or whatever). If nothing is printed out, this
> indicates that everything is ok.

Ok that's a little better but still an attacker can beat it (replace the rpm
binary for example).

> Burning updated packages onto CD-R discs is a Really Good Idea. If you
> do this, you have some assurance that the rpm package you are using to
> verify the installed files has not been altered.

This is why the packages should all be GnuPG signed. Then as long as no-one
tampers with the rpm binary or root's keyring you can keep the binaries at
ftp.badcrackerz.org and still easily verify that they haven't been modified.

> John

-Kurt
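
The netstat/ps cross-check discussed in this thread, as an added example that is not part of the original messages: it flags sockets for which netstat printed no owner and sockets whose PID is absent from the ps listing. The function names, the NOOWNER/MISSING labels and the sample listings are constructed for illustration; it assumes numeric output (`netstat -apn`) and that the netstat and ps binaries themselves are trustworthy.

```shell
# Cross-check socket owners reported by netstat against a ps listing.
# Live use, as root:  netstat -apn > netstat.txt ; ps axfu > ps.txt
# The two samples below are constructed for illustration.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN 412/sshd
tcp   0      0      0.0.0.0:2049    0.0.0.0:*       LISTEN -
tcp   0      0      0.0.0.0:8080    0.0.0.0:*       LISTEN 977/httpd
udp   0      0      0.0.0.0:111     0.0.0.0:*              388/portmap
EOF
}

sample_ps() {
cat <<'EOF'
USER PID %CPU %MEM  VSZ RSS TTY STAT START TIME COMMAND
root 388  0.0  0.1 1200 400 ?   S    10:00 0:00 /sbin/portmap
root 412  0.0  0.3 2500 900 ?   S    10:00 0:00 /usr/sbin/sshd
EOF
}

# crosscheck NETSTAT_FILE PS_FILE
#   NOOWNER proto local      netstat printed "-" instead of PID/program
#   MISSING pid proto local  netstat printed a PID that ps does not list
crosscheck() {
    awk '
        FILENAME == ARGV[1] { if ($2 ~ /^[0-9]+$/) seen[$2] = 1; next }  # ps: PID column
        $1 !~ /^(tcp|udp)/  { next }              # skip headers and unix sockets
        {
            owner = ""
            # UDP rows have no State column, so search for the owner field
            for (i = 6; i <= NF; i++)
                if ($i == "-" || $i ~ /^[0-9]+\//) { owner = $i; break }
            if (owner == "") next
            if (owner == "-") { print "NOOWNER", $1, $4; next }
            split(owner, p, "/")
            if (!(p[1] in seen)) print "MISSING", p[1], $1, $4
        }
    ' "$2" "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    sample_netstat > "$d/netstat.txt"
    sample_ps      > "$d/ps.txt"
    crosscheck "$d/netstat.txt" "$d/ps.txt"
    rm -rf "$d"
}
demo
```

A NOOWNER line is what the quoted advice describes as netstat being unable to name the process; a MISSING line is the case worth following up with lsof or a listing taken from known-good media.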

