[EMAIL PROTECTED] (William R. Ward) writes:

> One way to test if you have been hacked is to run an MD5 checksum of
> key binaries and look to see if it's been replaced by the intruder.
> Is there any place where the MD5 sums of individual executable files
> (not the .deb files, but the /usr/bin/xxxx files that come from them)
> can be obtained?

The info you're looking for can, for most packages at least, be found in /var/lib/dpkg/info/*.md5sums. These files have MD5 sums for all files included in the .deb. Note that if you get hacked you can no longer rely on these files (so put them some place safe *before* you let other folks use or connect to your machine). Of course, /usr/bin/md5sum is also suspect and can not be relied upon to tell you the truth.

--
Olaf Meeuwissen
Epson Kowa Corporation, Research and Development
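
The check described in the reply above, as an added example that is not part of the original message: it compares files under a root against a previously saved copy of the `*.md5sums` files and computes the digests in-process instead of calling /usr/bin/md5sum. The function names and the saved-copy directory are assumptions, and the sample tree in `demo()` is constructed.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def file_md5(path, chunk=1 << 16):
    """MD5 of a file, computed in-process (no call to /usr/bin/md5sum)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(sums_dir, root="/"):
    """Return (package, path, status) for each file that is MODIFIED or MISSING."""
    findings = []
    for sums in sorted(Path(sums_dir).glob("*.md5sums")):
        package = sums.name[: -len(".md5sums")]
        for line in sums.read_text(errors="replace").splitlines():
            # Line format: 32 hex digits, two spaces, path relative to /
            expected, sep, rel = line.partition("  ")
            if not sep or len(expected) != 32:
                continue
            target = Path(root) / rel
            if not target.is_file():
                findings.append((package, rel, "MISSING"))
            elif file_md5(target) != expected.lower():
                findings.append((package, rel, "MODIFIED"))
    return findings

def demo():
    """Constructed sample: a fake root where one file is replaced and one removed."""
    files = {"usr/bin/good": b"good\n", "usr/bin/bad": b"bad\n", "usr/bin/gone": b"gone\n"}
    with tempfile.TemporaryDirectory() as tmp:
        root, saved = Path(tmp, "root"), Path(tmp, "saved")
        (root / "usr/bin").mkdir(parents=True)
        saved.mkdir()
        for rel, data in files.items():
            (root / rel).write_bytes(data)
        sums = "".join(f"{hashlib.md5(d).hexdigest()}  {r}\n" for r, d in files.items())
        (saved / "demo.md5sums").write_text(sums)  # the copy kept "some place safe"
        (root / "usr/bin/bad").write_bytes(b"replaced\n")  # contents changed afterwards
        (root / "usr/bin/gone").unlink()
        return verify(saved, root)

if __name__ == "__main__":
    results = verify(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for package, rel, status in results:
        print(f"{status:8} {package}: /{rel}")
```

Run with two arguments, the directory holding the saved `*.md5sums` copies and the root to check; with no arguments it runs the constructed demo.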