Date:      Wed, 12 Dec 2001 00:43:15 -0600
From:      Alfred Perlstein <bright@mu.org>
To:        Landon Stewart <landons@uniserve.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: MD5 sum checking for installed binaries to check for intrusion or root kits...
Message-ID:  <20011212004315.H92148@elvis.mu.org>
In-Reply-To: <3C16FB8C.9020908@uniserve.com>; from landons@uniserve.com on Tue, Dec 11, 2001 at 10:39:08PM -0800
References:  <3C16FB8C.9020908@uniserve.com>

* Landon Stewart <landons@uniserve.com> [011212 00:39] wrote:
> A while ago (a few months) recently several administrators were let go, 
> but were left to their own devices in the NOC until late that night. 
>  (Don't ask me why because I couldn't tell ya!)  I have not noticed any 
> strange happenings on any of the systems.
> 
> They could have done who knows what to whatever system(s) they wanted 
> to.  Without someone saying "reformat the machines or reinstall" because 
> that's the obvious answer, is there a way to check which files differ 
> from the size they should be and have the correct MD5 sum than they 
> should or is this asking too much?
> 
> They are all FreeBSD machines (100%), however they differ in their 
> version.  Some are 4.0, 4.3 etc...

Hindsight is 20/20 ain't it? :)

I guess you could do a fresh install then run some form of md5
over the installed machines then test against the others.

Who knows, you might have actually had some honest people on your
staff.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3
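The comparison suggested in the reply above (hash a fresh install, then test the other machines against it), sketched as an added example that is not part of the original message. The function names and the sample trees are assumptions made for illustration; the trees are constructed test data.

```python
import hashlib
import os
import stat
import tempfile

def build_manifest(root, algo="md5"):
    """Map each path under root to (type, size, mode, digest) or (type, link target)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink itself, not its target
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = ("link", os.readlink(path))
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.new(algo)  # "md5" as in the thread; "sha256" also works
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(1 << 20), b""):
                        h.update(chunk)
                # mode is recorded so an added setuid bit shows up as a change
                manifest[rel] = ("file", st.st_size, stat.S_IMODE(st.st_mode), h.hexdigest())
    return manifest

def compare(reference, suspect):
    """Paths whose entry differs, is absent from, or exists only in the suspect tree."""
    return {
        "changed": sorted(p for p in reference if p in suspect and reference[p] != suspect[p]),
        "missing": sorted(p for p in reference if p not in suspect),
        "extra": sorted(p for p in suspect if p not in reference),
    }

def demo():
    """Constructed sample: a 'fresh install' tree and an altered copy of it."""
    trees = {
        "reference": {"bin/ls": b"ls-v1", "bin/ps": b"ps-v1", "bin/su": b"su-v1"},
        # bin/ps keeps its size but not its content; one file removed, one added
        "suspect": {"bin/ls": b"ls-v1", "bin/ps": b"ps-vX", "sbin/newd": b"extra"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        return compare(build_manifest(os.path.join(tmp, "reference")),
                       build_manifest(os.path.join(tmp, "suspect")))

if __name__ == "__main__":
    print(demo())
```

Because the machines in the question run different releases, each one needs a reference manifest built from a fresh install of its own version. The suspect tree should be read from a known-good boot environment, since tools on a compromised system cannot be trusted to report their own state.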
