On Fri, 08 Aug 1997 09:15:06 BST "Magossa'nyi A'rpa'd" ([EMAIL PROTECTED]) wrote:
> Can dpkg do integrity checking based on the MD5 hashes it uses?
> Our machine has been cracked, and we want to know which binaries have been
> compromised.

There are per-package md5 sums to check the integrity of the .deb you
download, but not per-file sums.

What you can do is

    dpkg -iGROB <path to the binary directory of the distribution>

like:

    dpkg -iGROB /cdrom/bo/binary-i386
    dpkg -iGROB /cdrom/contrib/binary-i386
    etc...

This will reinstall all currently installed packages. This will have the
side effect of reconfiguring everything...

Of course, you'll have to check for
1) binaries in /usr/local
2) other binaries.

I'd suggest:

o Removing ALL setuid bits in your system

    find / -perm +6000 | xargs chmod ug-s
  or
    chmod -R ug-s /

  (This might leave your system unusable except for root)

o Check for all device files and remove the ones which are not in /dev

    find / -path /dev -prune -o \( -type b -o -type c \) -print | xargs rm

  Look for permissions for /dev/* and eventually fix them...

o Do the dpkg -iGROB thing, which will resume correct setuidness.

This should give you a fairly secure system.

Disclaimer: Of course, this is just my advice, and you might destroy your
system doing this...

Phil.
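
A read-only counterpart to the two find sweeps in the reply above, added here as an example and not part of the original message: it only lists setuid/setgid files and device nodes outside /dev, so the findings can be reviewed and recorded before anything is changed. The function names are hypothetical, and the tests use the portable `-perm -4000` / `-perm -2000` and `-path ... -prune` forms.

```shell
#!/bin/sh
# Added example: read-only audit of a possibly compromised system.
# Nothing is chmod'ed or removed; the functions only print paths.

# list_setid ROOT
# Print every regular file under ROOT that has the setuid or setgid bit set.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# list_stray_devices ROOT
# Print block and character device nodes under ROOT, skipping ROOT/dev,
# which is the only place device nodes are expected to live.
list_stray_devices() {
    root=${1%/}                      # "/" becomes "", so "$root/dev" is "/dev"
    find "${root:-/}" -path "$root/dev" -prune -o \
        \( -type b -o -type c \) -print 2>/dev/null
}

# audit ROOT
# Show owner, group and mode for every finding so the output can be
# compared with a known-good machine or saved as evidence.
audit() {
    echo "== setuid/setgid files under $1 =="
    list_setid "$1" | while IFS= read -r f; do ls -ld "$f"; done
    echo "== device nodes outside ${1%/}/dev =="
    list_stray_devices "$1" | while IFS= read -r f; do ls -ld "$f"; done
}

# Run the audit only when a root directory is given, e.g.:  sh audit.sh /
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

Run it as root so that find can descend into every directory, and keep the output off the suspect machine.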