Re: checking checksums on binaries and checking for rootkits
In the last episode (Feb 10), Jerry McAllister said:
> > hello, I'm using FBSD 4.9 ... Is there a way to check the checksum
> > on binaries like "ls, ps" etc. to check for rootkits?
> >
> > On Solaris you can run md5 on a binary and compare it against a
> > utility on Sun's website that will check the fingerprint to see
> > whether the binary is part of a rootkit or the original binary.
> > Does FreeBSD have a tool like this?
>
> The checksums are available for the ISOs on the FreeBSD site in the
> same directory as the ISOs.
>
> As for individual routines, I don't know.

mtree is great for this. Run "mtree -k sha1digest,time,size -c -p /etc", save the output to a secure location, and run "mtree -p /etc < mtree.txt" later to verify timestamps and checksums. Although it's mainly for self-verification. I suppose you could run it against the live cdrom.

--
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
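The baseline-then-verify workflow described above for mtree, as an added Python sketch that is not part of the thread and is not mtree itself: it records the same three keywords (sha1digest, size, time) per file and reports drift. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record (sha1, size, mtime) for every regular file under root."""
    spec = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and special files are skipped in this sketch
            with open(path, "rb") as f:
                digest = hashlib.sha1(f.read()).hexdigest()
            st = os.stat(path)
            spec[os.path.relpath(path, root)] = (digest, st.st_size, st.st_mtime_ns)
    return spec

def verify(baseline, current):
    """Return sorted (path, finding) pairs; an empty list means no drift."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "extra"))
        elif new is None:
            findings.append((path, "missing"))
        else:
            diff = [k for k, a, b in zip(("sha1digest", "size", "time"), old, new) if a != b]
            if diff:
                findings.append((path, "changed: " + ",".join(diff)))
    return findings

def demo():
    """Constructed scenario: one file replaced with size and mtime kept, one added."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"constructed " + name.encode() + b"\n")
        baseline = snapshot(root)  # in practice, store this off the host
        ps = os.path.join(root, "ps")
        st = os.stat(ps)
        with open(ps, "wb") as f:
            f.write(b"constructed PS\n")  # same length, different bytes
        os.utime(ps, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp restored
        open(os.path.join(root, "new_file"), "wb").close()
        return verify(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Only the digest flags the replaced file here, since size and timestamp match the baseline.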
Re: checking checksums on binaries and checking for rootkits
> hello,
> I'm using FBSD 4.9 ... Is there a way to check the checksum on binaries
> like "ls, ps" etc. to check for rootkits?
>
> On Solaris you can run md5 on a binary and compare it against a utility on
> Sun's website that will check the fingerprint to see whether the binary is
> part of a rootkit or the original binary. Does FreeBSD have a tool like
> this?

The checksums are available for the ISOs on the FreeBSD site in the same directory as the ISOs.

As for individual routines, I don't know.

jerry

> --
> Brent Bailey
checking checksums on binaries and checking for rootkits
hello, I'm using FBSD 4.9 ... Is there a way to check the checksum on binaries like "ls, ps" etc. to check for rootkits?

On Solaris you can run md5 on a binary and compare it against a utility on Sun's website that will check the fingerprint to see whether the binary is part of a rootkit or the original binary. Does FreeBSD have a tool like this?

--
Brent Bailey