In the last episode (Feb 10), Jerry McAllister said:
> > hello, I'm using FBSD 4.9 ... Is there a way to check the checksum
> > on binaries like "ls , ps" etc.. to check for rootkits ?
> >
> > On Solaris you can run md5 on a binary and compare it against a
> > utility on Sun's website that will check the fingerprint to see
> > whether the binary is part of a rootkit or the original binary.
> > Does FreeBSD have a tool like this ?
>
> The checksums are available for the ISOs on the FreeBSD site in the
> same directory as the ISOs.
>
> As for individual routines, I don't know.

mtree is great for this.  Run "mtree -k sha1digest,time,size -c -p /etc",
save the output to a secure location, and run "mtree -p /etc < mtree.txt"
later to verify timestamps and checksums.  Although it's mainly for
self-verification.  I suppose you could run it against the live cdrom.

-- 
	Dan Nelson
	[EMAIL PROTECTED]
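
The baseline-then-verify cycle described in the reply, sketched in Python as an added example (not part of the original post, and not mtree itself): it records SHA-1, size and modification time per file, then reports changed, missing and extra files. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

KEYS = ("sha1digest", "size", "time")  # mirrors the mtree keywords in the post

def snapshot(root):
    """Return {relative_path: (sha1_hex, size, mtime_ns)} for regular files."""
    spec = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # this sketch only covers regular files
            st = os.stat(path)
            with open(path, "rb") as fh:  # whole-file read: fine for small trees
                sha1 = hashlib.sha1(fh.read()).hexdigest()
            spec[os.path.relpath(path, root)] = (sha1, st.st_size, st.st_mtime_ns)
    return spec

def verify(root, baseline):
    """Compare the tree with a saved baseline; return sorted (path, reason)."""
    current = snapshot(root)
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing"))
            continue
        changed = [k for k, a, b in zip(KEYS, old, new) if a != b]
        if changed:
            findings.append((path, "changed: " + ",".join(changed)))
    findings += [(p, "extra") for p in current if p not in baseline]
    return sorted(findings)

def demo():
    """Constructed sample tree: baseline it, alter it, then verify."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("passwd", b"root:0:0\n"), ("hosts", b"127.0.0.1\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)  # in real use, store this off the host
        with open(os.path.join(root, "passwd"), "ab") as fh:
            fh.write(b"toor:0:0\n")  # simulated unauthorized edit
        os.remove(os.path.join(root, "hosts"))
        open(os.path.join(root, "rc.local"), "wb").close()
        return verify(root, baseline)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A baseline kept on the same host can be rewritten by whoever altered the files, which is why the reply says to save the output to a secure location.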