On Sun, 29 Jul 2007, Tyler Smith wrote:
On 2007-07-29, Mathias Brodala <[EMAIL PROTECTED]> wrote:
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6620D8D79CB50A9B1AFF7AB2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Hi Douglas.
Douglas Allan Tutty, 29.07.2007 18:35:
Boot the box from something like the install CD, go to a shell, mount
your / partition ro, noexec.
=20
I think the install CD has md5sum installed. Run:
#md5sum /bin/login.
=20
On my i386, I get:
=20
2ee32ff74e474c4d9fc9df6f1460980f /bin/login
You should also tell the exact version of the "login" package you are usi=
ng.
Otherwise this number is useless.
With 1:4.0.18.1-11 on i386 I get this:
004a41bb9196f1888bd89c2245910f46 /bin/login
Which is just what I got too. I found an old Mepis CD, booted into
that, mounted my / partition, ran md5sum on /bin/login, and out came
the same answer, for the same version of /bin/login.
So I'm going to proceed as if I've been lucky, have not been
rootkit-ed, and will continue on with hardening my laptop without
reinstalling.
Thanks for your help!
Tyler
On that note, one thing that you might want to consider as part of the
hardening process is to install aide or some other file integrity checker.
Using something like that greatly helps in detecting and identifying issues
such as this.
-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
