On Saturday 11 October 2003 21:26, Andrew Gaffney wrote:
Andrew Gaffney wrote:
Tom Wesley wrote:
On Saturday 11 October 2003 19:31, Tom Wesley wrote:
On Saturday 11 October 2003 18:48, Andrew Gaffney wrote:
Tom Wesley wrote:
On Friday 10 October 2003 20:52, Andrew Gaffney wrote:
Due to a recent hack into my Slackware server, now my Gentoo server, I want to write a script that scans all binaries, or even all files, computes their MD5SUM, and compares it to what portage calculated it to be when it was installed. Does something already exist like this?
emerge gentoolkit
to check timestamps qpkg -tc to check md5 qpkg -mc to check both qpkg -c
Someone already suggested this. The problem is that it only tells you how many files don't match, not which ones.
Try qpkg -c -vv
Of course you can also use qpkg -c -v to show only the altered files.
That does work, but I do feel like re-inventing the wheel this afternoon :)
I've run into a problem. Binaries that have been prelinked no longer match the recorded MD5SUM or modification time. How does portage deal with this, or does it?
Oddly enough I had thought the same when all my binaries showed as changed. I think that portage is unable to deal with this, you prelink after portage has installed and forgotten about the files... I'm thinking it would be better to use tripwire or such if you need to create a 'snapshot' of how the system looks...
I could do that, but I want to contribute something back to Gentoo. It'd be nice to have something that uses portage instead of its own database of file sizes, mtimes, and MD5's. Also, I don't like starting projects and not finishing them :)
-- Andrew Gaffney
-- [EMAIL PROTECTED] mailing list
