Shortly after switching from BSD/OS to Red Hat 5.0 our site was compromised using the recently discovered hole in named. Our attempts at recovery were hampered by our inability to easily determine which executables had been replaced. On other versions of Linux that I've used, the CD always came with a live filesystem, which makes it fairly easy to compare checksums between executables on the hard drive and the CD. Unfortunately, RH 5.0's CD doesn't have enough free space to add a filesystem. (Maybe in an upcoming release it should be split into two CDs.)

We eventually did a complete install from the CD, but even that left me with a bit of an uneasy feeling, because of course the timestamps on the files are the same, and I still couldn't easily compare checksums between the writable and read-only media.

Is there some way to do one of the following with RPMs:

* extract files one by one from an RPM and feed them to something like md5sum?
* get rpm to compute md5 checksums on each of the files in the archive?
* extract an rpm into a specified directory (perhaps chroot would help)?

Any of these capabilities would give me enough leverage to build the tools I need.

Thanks,

Skip Montanaro | Musi-Cal: http://concerts.calendar.com/
[EMAIL PROTECTED] | Conference Calendar: http://conferences.calendar.com/
(518)372-5583
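One way to build the comparison tool asked for above, as an added example that is not part of the original message: it checks files on disk against the per-file digests that `rpm -qp --dump` prints for a package file. It assumes an rpm that supports `--dump` with the field order given in the rpm man page; the function names and the sample data in `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

# `rpm -qp --dump pkg.rpm` prints one line per file, fields in this order:
# path size mtime digest mode owner group isconfig isdoc rdev symlink
def parse_dump(text):
    """Yield (path, digest) for each regular file in the dump output."""
    for line in filter(str.strip, text.splitlines()):
        fields = line.rsplit(None, 10)  # rsplit keeps spaces in paths intact
        if len(fields) != 11:
            raise ValueError("unexpected dump line: %r" % line)
        path, digest, mode = fields[0], fields[3].lower(), int(fields[4], 8)
        if stat.S_ISREG(mode) and digest.strip("0"):  # skip dirs, links, no digest
            yield path, digest

def file_digest(path, hexlen):
    """Hash a file with the algorithm implied by the package digest length."""
    algo = {32: "md5", 40: "sha1", 64: "sha256"}[hexlen]  # MD5 in old packages
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(dump_text, root="/"):
    """Return {path: "missing" | "modified"} for files that fail the check."""
    findings = {}
    for path, expected in parse_dump(dump_text):
        on_disk = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(on_disk):
            findings[path] = "missing"
        elif file_digest(on_disk, len(expected)) != expected:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed sample: three packaged files, one altered, one deleted."""
    good = b"pristine binary\n"
    line = "/usr/sbin/%s 16 888888888 %s 0100755 root root 0 0 0 X\n"
    names = ("named", "ndc", "named-xfer")
    dump = "".join(line % (n, hashlib.md5(good).hexdigest()) for n in names)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/sbin"))
        for name, data in (("named", b"altered binary\n"), ("ndc", good)):
            with open(os.path.join(root, "usr/sbin", name), "wb") as f:
                f.write(data)
        return audit(dump, root)
```

For a real check, generate the dump from package files on the read-only CD using an `rpm` binary from trusted media, and pass the mount point of the suspect disk as `root`.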