Re: [gentoo-user] checksum scanning

Fri, 10 Oct 2003 23:08:21 -0700

Mike Arrison wrote:
Andrew,

On Fri, Oct 10, 2003 at 02:52:50PM -0500, Andrew Gaffney wrote:

Due to a recent hack into my Slackware server, now my Gentoo server, I want to write a script that scans all binaries, or even all files, computes their MD5SUM, and compares it to what portage calculated it to be when it was installed. Does something already exist like this?


I think the problem here is that portage doesn't keep md5's of binaries.

Yes it does:

upstairs root # cat /var/db/pkg/x11-wm/fluxbox*/CONTENTS
dir /usr
dir /usr/share
dir /usr/share/commonbox
obj /usr/share/commonbox/init 1485670c0978d13afb6c60dca71355cc 1063609103
obj /usr/share/commonbox/keys 97ba84e9dbe3fc01ba0c0e00837ee584 1063609103
dir /usr/share/man
dir /usr/share/man/man1
obj /usr/share/man/man1/fluxbox.1.gz 5fe85fefae346f595961119cc076e210 1063609103
dir /usr/share/doc
dir /usr/share/doc/fluxbox-0.1.14-r2
obj /usr/share/doc/fluxbox-0.1.14-r2/README.gz feb8078b8f5eef9a0180593d71cef243 
1063609103
obj /usr/share/doc/fluxbox-0.1.14-r2/AUTHORS.gz 326cf93ec27a22f9b1b2cb6e0ebb8a6c 
1063609103
obj /usr/share/doc/fluxbox-0.1.14-r2/TODO.gz 9303e4089ff9da53201c1e8151e4ca06 
1063609103
obj /usr/share/doc/fluxbox-0.1.14-r2/COPYING.gz a136c9055c042523c7ffbfb38980920e 
1063609103
obj /usr/share/doc/fluxbox-0.1.14-r2/ChangeLog.gz 188427d4f98b965e1c39e6aae8570cbb 
1063609103
obj /usr/share/doc/fluxbox-0.1.14-r2/NEWS.gz 4d5c43443c99d15bd36829071bedbfa4 
1063609103
dir /usr/bin
obj /usr/bin/fluxbox 9f956ef9c77f0d801f0321256d95a45c 1063609103
obj /usr/bin/fbrun d1fcd0a2453ee91ee05d6b466563abc4 1063609103
dir /etc
dir /etc/X11
dir /etc/X11/Sessions
obj /etc/X11/Sessions/fluxbox bd5d9a8ba727d0ecfdf11d194e721f60 1063609103

The third field is an MD5 checksum, I believe. Someone please slap me upside my head if I'm wrong :) What I don't know is what the last field is.

--
Andrew Gaffney


--
[EMAIL PROTECTED] mailing list

Reply via email to