On Wed, 2002-09-25 at 04:09, Kristian wrote: > I suppose that if someone managed to get into a machine, he could simply > regenerate the md5 checksums after modifying "ls, ps, top and friends".
Quite Possibly. It is not a bulletproof solution, but can be useful.. > Just another question: could anyone suggest a way to automate checks > with debsums? And why shoul I use debsums instead of simply running > stuff like tiger or integrit? I don't get it. Use both! One advantage of debsums is that you can compare md5sums against a package, rather than just the system db. If you fear that something may have been modified, you can download the .deb file and bypass anything that an attacker could modify. Of course, the debsums binary could be modified to never report that anything has changed, but every little bit helps.. -Justin
