* This one time, at band camp, Andy Eager said:
> Jamie Wilkinson wrote:
>
> > This one time, at band camp, Andy Eager said:
> >
> >> a) Periodically, examine all running tasks.
> >> b) For each task, do an 'rpm --verify' for the package that this
> >> process belongs to.
> >
> >
> > How about a virus that renames itself to 'ls', you check the process list
> > and verify that ls is in the package database.
> >
> If a virus did copy something over ls, it would be caught as follows:
>
> rpm -qif `which ls` would return the package name fileutils
> rpm --verify fileutils would show that ls had been modified.
>
And if it were rpm that got trojaned?
--
Greeno <[EMAIL PROTECTED]>
GnuPG Key : 1024D/B5657C8B
Key fingerprint = 9ED8 59CC C161 B857 462E 51E6 7DFB 465B B565 7C8B
Imagine working in a secure environment and finding the string
_NSAKEY in the OS binaries without a good explanation
-Alan Cox 04/05/2001
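
The check proposed in the quoted message (walk the running tasks, map each executable to its owning package, run `rpm --verify` on it), written out as an added example that is not part of the original thread. `RPM_BIN` and `PROC_DIR` are names introduced here; `RPM_BIN` exists because the result is only as reliable as the rpm binary and database consulted, which is the objection raised in the reply, and the example also flags running images whose on-disk file has been unlinked, a case the thread does not cover.

```shell
#!/bin/sh
# Added example (not from the thread). RPM_BIN and PROC_DIR are names chosen here.
# Assumption: RPM_BIN points at an rpm binary you trust, e.g. a copy on read-only media.
RPM_BIN="${RPM_BIN:-rpm}"
PROC_DIR="${PROC_DIR:-/proc}"

# a) Examine all running tasks: print each distinct executable path once.
running_executables() {
    for link in "$PROC_DIR"/[0-9]*/exe; do
        # Kernel threads and tasks we may not inspect have no readable exe link.
        target=$(readlink "$link" 2>/dev/null) || continue
        printf '%s\n' "$target"
    done | sort -u
}

# b) Verify the package one executable belongs to.
# Prints: STATUS <tab> path <tab> detail
check_executable() {
    path=$1
    case $path in
        # Linux appends " (deleted)" when the file behind a running image was unlinked.
        *" (deleted)") printf 'DELETED\t%s\t-\n' "$path"; return 0 ;;
    esac
    # rpm -qf exits non-zero when no package owns the file.
    pkg=$("$RPM_BIN" -qf "$path" 2>/dev/null) || {
        printf 'UNOWNED\t%s\t-\n' "$path"; return 0
    }
    # rpm --verify prints one line per changed file: attribute flags, then the path.
    # $pkg is left unquoted on purpose: a file can be owned by several packages.
    flags=$("$RPM_BIN" --verify $pkg 2>/dev/null | awk -v p="$path" '
        length($0) > length(p) && substr($0, length($0) - length(p)) == " " p { print $1 }')
    if [ -n "$flags" ]; then
        printf 'MODIFIED\t%s\t%s %s\n' "$path" "$pkg" "$flags"
    else
        printf 'OK\t%s\t%s\n' "$path" "$pkg"
    fi
}

audit_running_tasks() {
    running_executables | while IFS= read -r exe; do
        check_executable "$exe"
    done
}

# Run the audit only when asked to, so the file can also be sourced.
case "${1:-}" in --run) audit_running_tasks ;; esac
```

A `5` in the flags column of a `MODIFIED` line means the file's digest no longer matches the package database.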