On Wed, Apr 15, 2009 at 08:46:44AM -0400, Rob McBroom wrote: > On 2009-Apr-15, at 4:02 AM, Sthu Deus wrote: > >> For example, I have >> >> /usr/bin/sudo >> >> that comes from its installed package >> >> sudo >> >> My question is, How I can find out that the /usr/bin/sudo file has not >> been exchanged with another copy by some person and therefore it does >> some stuff that I'm not aware of. > > > % aptitude install debsums > % rehash > % debsums sudo
This works in the simple case, the only thing to be aware of is that if someone has the ability to change you /usr/bin/sudo, then they can probably update the debsum as well (unless debsums are signed... are they?) If you're really paranoid about this, you should consider looking at tools like tripwire or samhain. But they take considerably more effort to set up. Cheers, -- Eric Gerlach, Network Administrator Federation of Students University of Waterloo p: (519) 888-4567 x36329 e: egerl...@feds.uwaterloo.ca -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
