On 5/2/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> yea. i'll keep that in mind. too bad it doesn't work in an audit.
Since you didn't state the requirements of the audit, it's not surprising that the answers don't satisfy that.
> seriously, is there anything that a) can be queried against? b) compared against? c) hashes of files? d) etc?
You still don't say what you're trying to verify. If you're trying to prove that a given binary was built from patched source, you should build the binary you'll use and take a cryptographic hash of it (say, using the 'sha1' command) and write down the hash somewhere unalterable (CDROM? Paper in a safe? Lithograph on your wall?). You can then verify whether that *EXACT* binary is still in use by taking the hash again and comparing against your earlier copy. But that's *not* the same as asking whether a patched binary is in use.

Note that the binary you build might not have the same hash as one built on another system; the path of your build tree is included in the ELF bits of the binary, as may other pieces of information...

Philip Guenther
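The record-then-compare procedure described in the reply above, as an added shell example that is not part of the original message. It uses SHA-256 in place of the 'sha1' command the mail mentions; the function names and the manifest format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: record a hash baseline for binaries you built, verify it later.
# Assumption: SHA-256 is substituted for the 'sha1' command named in the mail.

# digest FILE: print the hex SHA-256 of FILE using whichever tool is installed.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # BSD-style tool
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# record_baseline MANIFEST FILE...: write one "digest  path" line per file.
# Copy the manifest to write-once media afterwards; a manifest stored beside
# the binaries can be altered together with them.
record_baseline() {
    manifest=$1; shift
    : > "$manifest" || return 2
    for f in "$@"; do
        [ -f "$f" ] || { echo "skip (not a regular file): $f" >&2; continue; }
        printf '%s  %s\n' "$(digest "$f")" "$f" >> "$manifest"
    done
}

# verify_baseline MANIFEST: re-hash every listed path and compare.
# Returns 0 only if every file is present and byte-identical to the baseline.
# CHANGED means "not that exact binary"; it says nothing about patch level,
# since a rebuild from the same source in another build tree also differs.
verify_baseline() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(digest "$path")" = "$want" ]; then
            echo "OK       $path"
        else
            echo "CHANGED  $path"; rc=1
        fi
    done < "$1"
    return $rc
}
```

Run `record_baseline` right after installing the binary you built, and `verify_baseline` against the offline copy of the manifest at audit time.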

