1999-03-05-16:53:47 dreamwvr:
>   noticed that you had been hacked and were looking for a method to
> interrogate your binaries and important files. Here is a suggestion
> that I have not seen that is food for thought at the least ;-) Consider
> using PGP's signature often missed ability to check for changes in system.
> That way if you check the files in question and they have changed and
> should not have, you know that something's up :-) but you will need to
> do some fancy footwork to keep this accurate when you legitimately
> do changes. Oh.. well, it was just another suggestion.

PGP sigs could work --- if you had a database of the correct PGP sigs for all
the files on the system, before it got hacked.

However, MD5 checksums of all the files are sufficient for this application,
and happily he has got 'em (since it's a Red Hat release). There are MD5
checksums in the original packages on his Red Hat CD, and he can use the
original distribution boot floppies and the original CD to check 'em, avoiding
any chance of even a hoaxed kernel faking out the check.

Of course, how effective this might be will be limited by how many files have
been upgraded or added and whether known-good RPMs can be found for those
newer files.

-Bennett
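
An added example, not part of the original message: a sketch of the comparison discussed above, assuming the suspect filesystem is mounted read-only at `root` from trusted boot media and that `baseline` is a path-to-digest map built from known-good packages. The function names and sample files are hypothetical, and the digest defaults to SHA-256 rather than the MD5 the post mentions (pass `algo="md5"` to compare against MD5 values). The `unbaselined` list is the limitation noted above: files that were upgraded or added and have no known-good reference.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(root, baseline, algo="sha256"):
    """Compare regular files under root with baseline {relative_path: hex_digest}."""
    report = {"changed": [], "missing": [], "unbaselined": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links (never leave the mounted image), FIFOs, devices
            rel = os.path.relpath(full, root)
            seen.add(rel)
            if rel not in baseline:
                report["unbaselined"].append(rel)  # upgraded or added: no reference
            elif file_digest(full, algo) != baseline[rel]:
                report["changed"].append(rel)
    report["missing"] = [p for p in baseline if p not in seen]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: a tiny fake root with one edit, one deletion, one addition."""
    clean = {"bin/ls": b"ls v1", "bin/ps": b"ps v1", "bin/netstat": b"netstat v1"}
    baseline = {p: hashlib.sha256(d).hexdigest() for p, d in clean.items()}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        on_disk = {"bin/ls": b"ls v1", "bin/ps": b"ps v1 modified", "bin/.extra": b"new"}
        for rel, data in on_disk.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return audit(root, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```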