rootkit?

Tony Nelson tonynelson at georgeanelson.com
Mon Dec 12 05:50:16 UTC 2005


At 5:33 PM +0000 12/11/05, James Wilkinson wrote:
>Michael A. Peters wrote:
>> Sun used to (still does?) allow you to enter an md5sum and it would tell
>> you exactly what file it matched, along with what patch level.
>
>Ralf Corsepius replied:
>> rpm based systems have "rpm {-V|--verify}", which provides a comparable
>> feature.
>
>Unfortunately, this is pretty useless if you can't trust the RPM
>database.
>
>And on a compromised machine, you can't trust the RPM database.
>
>And, unfortunately, prelinking means that you can't even compare them to
>a "known good" machine.

You can use the RPM database from that machine, as RPM knows to "unprelink"
before doing its checks.

Or you can unprelink everything yourself.  man prelink
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
      '                              <http://www.georgeanelson.com/>
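
An added example, not part of the original message or of rpm itself: one way to act on the first suggestion above. It assumes a copy of the known-good machine's RPM database is available at the hypothetical path /mnt/trusted/var/lib/rpm and that both machines carry the same package versions. The sample "rpm -V" lines are constructed.

```shell
#!/bin/sh
# Triage `rpm -V` output read from stdin: report files that are missing or
# whose content digest differs (third flag character is "5"). Config files
# (attribute marker "c") are skipped because they legitimately change.
triage_verify() {
    awk '
    {
        flags = $1
        # Optional one-letter attribute marker before the path:
        # c config, d doc, g ghost, l license, r readme.
        if ($2 ~ /^[cdglr]$/) { attr = $2; sub(/^[^ ]+ +[^ ]+ +/, "") }
        else                  { attr = "";  sub(/^[^ ]+ +/, "") }
        path = $0               # remainder of the line, spaces preserved
        if (attr == "c") next
        if (flags == "missing")              print "MISSING " path
        else if (substr(flags, 3, 1) == "5") print "DIGEST  " path
    }'
}

# Verify every installed file against the trusted database copy instead of
# the local one. The default path is a hypothetical mount point.
verify_against_trusted_db() {
    trusted_db=${1:-/mnt/trusted/var/lib/rpm}
    rpm -Va --dbpath "$trusted_db" 2>/dev/null | triage_verify
}

# Constructed sample of `rpm -V` output, for trying the triage step offline.
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.......T.    /usr/bin/who
missing      /usr/sbin/lsof
..5......  d /usr/share/doc/foo/README
EOF
}
```

Run `sample_verify_output | triage_verify` to see the triage on the sample, or `verify_against_trusted_db /path/to/copy` on a real system.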
