Date: Wed, 12 Dec 2001 00:43:15 -0600 From: Alfred Perlstein <bright@mu.org> To: Landon Stewart <landons@uniserve.com> Cc: security@FreeBSD.ORG Subject: Re: MD5 sum checking for installed binaries to check for intrusion or root kits... Message-ID: <20011212004315.H92148@elvis.mu.org> In-Reply-To: <3C16FB8C.9020908@uniserve.com>; from landons@uniserve.com on Tue, Dec 11, 2001 at 10:39:08PM -0800 References: <3C16FB8C.9020908@uniserve.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Landon Stewart <landons@uniserve.com> [011212 00:39] wrote: > A while ago (a few months) recently several administrators were let go, > but were left to their own devices in the NOC until late that night. > (Don't ask me why because I couldn't tell ya!) I have not noticed any > strange happenings on any of the systems. > > They could have done who knows what to whatever system(s) they wanted > to. Without someone saying "reformat the machines or reinstall" because > thats the obvious answer, is there a way to check which files differ > from the size they should be and have the correct MD5 sum than they > should or is this asking too much? > > They are all FreeBSD machines (100%), however they differ in their > version. Some are 4.0, 4.3 etc... Hindsight is 20/20 ain't it? :) I guess you could do a fresh install then run some form of md5 over the installed machines then test against the others. Who knows, you might have actually had some honest people on your staff. -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' http://www.morons.org/rants/gpl-harmful.php3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011212004315.H92148>