Stuart Henderson wrote on 18/12/08 21:14: > On 2008-12-18, jul <jul_...@yahoo.fr> wrote: >> a small question, is there any way to check integrity of installed >> packages'binaries ? > > yes, by (ab)using pkg_create: > > for i in `find /var/db/pkg -name +CONTENTS`; do > pkg_create -nf $i > /dev/null > done
exactly, what i want. thanks a lot stuart for archives, seriously and as said before, it's only one step in investigation. it doesn't replace a dd + forensic analysis for a compromised host. But when you are suspicious and there is no mtree/samhain/aide/else, it helps.