On Saturday 11 October 2003 21:26, Andrew Gaffney wrote: > Andrew Gaffney wrote: > > Tom Wesley wrote: > >> On Saturday 11 October 2003 19:31, Tom Wesley wrote: > >>> On Saturday 11 October 2003 18:48, Andrew Gaffney wrote: > >>>> Tom Wesley wrote: > >>>>> On Friday 10 October 2003 20:52, Andrew Gaffney wrote: > >>>>>> Due to a recent hack into my Slackware server, now my Gentoo > >>>>>> server, I > >>>>>> want to write a script that scans all binaries, or even all files, > >>>>>> computes their MD5SUM, and compares it to what portage calculated > >>>>>> it to > >>>>>> be when it was installed. Does something already exist like this? > >>>>> > >>>>> emerge gentoolkit > >>>>> > >>>>> to check timestamps > >>>>> qpkg -tc > >>>>> to check md5 > >>>>> qpkg -mc > >>>>> to check both > >>>>> qpkg -c > >>>> > >>>> Someone already suggested this. The problem is that it only tells > >>>> you how > >>>> many files don't match, not which ones. > >>> > >>> Try qpkg -c -vv > >> > >> Of course you can also use qpkg -c -v to show only the altered files. > > > > That does work, but I do feel like re-inventing the wheel this afternoon > > :) > > I've run into a problem. Binaries that have been prelinked no longer match > the recorded MD5SUM or modification time. How does portage deal with this, > or does it?
Oddly enough I had thought the same when all my binaries showed as changed. I think that portage is unable to deal with this, you prelink after portage has installed and forgotten about the files... I'm thinking it would be better to use tripwire or such if you need to create a 'snapshot' of how the system looks... -- Tom Wesley
pgp00000.pgp
Description: signature
