One of the faculty at our university runs RedHat (blech!). He hasn't kept the packages up to date and, subsequently, has suffered an intrusion. I was called in as the recovery team.
I discovered that RedHat's rpm package manager has a really cute feature. If you run "rpm --verify -a", it will check the MD5 sums, user/group ownerships, sizes, and permissions of all of the files that came in any of the packages. It's VERY handy for seeing what was messed with after an intrusion. (It also flags which ones are configuration files so that you know, of the ones that fail the MD5 check, which ones you shouldn't really be as worried about.)

Does dpkg have something like this?

As a side note, does anyone know if RedHat has a tool like dselect, that lets you fetch all of the updated packages and install them?

- Joe
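The triage described in the post, as an added example that is not part of the original message: it parses `rpm --verify -a` output and separates changed non-configuration files from changed configuration files. The sample output and the names `parse` and `triage` are constructed for illustration.

```python
import re

# Constructed sample of `rpm --verify -a` output (not taken from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.M.......    /usr/bin/passwd
.....UG..    /var/log/example
missing      /usr/sbin/examplectl
.......T.  d /usr/share/doc/example/README
"""

# Attribute column (8 chars on old rpm, 9 on current) or "missing",
# an optional one-letter file marker ("c" = configuration file), then the path.
LINE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)
MEANING = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
           "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}
# Checks the post calls out, minus size/mtime, which change with any edit.
SUSPICIOUS = {"digest", "missing", "mode", "user", "group"}


def parse(text):
    """Turn rpm verify output into a list of {path, config, failed} records."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # skip warnings and anything that is not a result line
        flags = m["flags"]
        failed = ["missing"] if flags == "missing" else [
            MEANING[c] for c in flags if c in MEANING]
        findings.append({"path": m["path"], "config": m["kind"] == "c",
                         "failed": failed})
    return findings


def triage(findings):
    """Return (investigate_first, review_later): config files are expected to change."""
    first, later = [], []
    for f in findings:
        hit = SUSPICIOUS & set(f["failed"])
        (first if hit and not f["config"] else later).append(f)
    return first, later


if __name__ == "__main__":
    for f in triage(parse(SAMPLE))[0]:
        print(f["path"], ",".join(f["failed"]))
```

On a compromised host the rpm binary and its database may themselves have been altered, so run the verification from trusted boot media against the mounted filesystem (`rpm --root`).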