Date: Wed, 18 Aug 2004 17:54:00 +0300 From: Giorgos Keramidas <keramida@linux.gr> To: "Thordur Ivar B." <thib@mi.is> Cc: freebsd-security@freebsd.org Subject: Re: chfn, date, chsh INFECTED according to chkrootkit Message-ID: <20040818145400.GF7263@orion.daedalusnetworks.priv> In-Reply-To: <20040818142511.390043af.thib@mi.is> References: <20040818121102.95460.qmail@web52402.mail.yahoo.com> <20040818142511.390043af.thib@mi.is>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004-08-18 14:25, "Thordur Ivar B." <thib@mi.is> wrote: > But still, you can only be sure if you trust you CVS checkout. > I have found it rather annyoing not have'ing checksums of each and > every file in /usr/src. And having a "secure" (man-in-the-middle > attack, etc comes in mind) way of optaining the checksum file.( A good > shell script could verify the checkout and you could sleep easy ;) > > Do correct me about the checksums if I'm wrong. Would something like this work for you? # mount /mnt/floppy # mtree -c -K cksum,flags -p . | \ bzip2 -9c - > /mnt/floppy/src.dist.bz2 # umount /mnt/floppy Then you can mount the floppy disk and check the /usr/src tree against the checksums saved by mtree with: # mount /mnt/floppy # bunzip2 -cd /mnt/floppy/src.dist.bz2 | \ mtree -u -f - # umount /mnt/floppy Any differences of the files since your last CVSup should be easy to catch with this little trick. I've just tested this on my -CURRENT installation and the bzip2'd spec file generated by the first mtree invocation is a little less than 600 KB for /usr/src. It fits nicely in a single floppy disk :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818145400.GF7263>