verify installed files
Jeff Johnson
n3npq at mac.com
Sun Nov 11 22:43:53 PST 2007
On Nov 12, 2007, at 1:19 AM, Max Waterman wrote:
> Jeff Johnson wrote:
>>
>> On Nov 11, 2007, at 11:54 PM, Max Waterman wrote:
>>
>>> Hi,
>>>
>>> I am trying to use rkhunter, which checks for root kits, and part
>>> of it's functionality requires the constructions of a table of
>>> hashes for each file on the system.
>>>
>>> However, before that is done, it is necessary to verify that the
>>> files are the same as the originals.
>>>
>>> Apparently, this can be done with a package manager, but I don't
>>> see such an option with smart. Could someone enlighten me?
>>>
>>
>> If on a rpm managed system, one can verify installed file contents
>> using md5 hashes
>> carried in packages by doing
>> rpm -Va
>>
>> The md5 hashes, if located in digitally signed package headers,
>> are quite trustworthy.
>>
>> If the headers are not signed, then the other alternative is to
>> get a readonly
>> copy of the installed packages, and then (for each package) do
>> rpm -Vp somepkg*.rpm
>> which is equally trustworthy.
>>
>> 73 de Jeff
> Ok. Thanks for the reply.
>
> Is there no way of doing this with smart? I have used smart to
> install *all* (apart from smart itself) packages - is it still ok
> to use rpm when they weren't installed using rpm? (I'm not even
> sure I have rpm installed...).
>
smart uses python bindings to rpm libraries. If this is a Fedora
system, you are very likey to have /bin/rpm
installed. smart and rpm are entirely compatible because using the
same libraries and the same database.
Bindings to rpm verify modes would not be hard to add to smart. I'm
not sure that
there has been sufficient interest.
73 de Jeff
More information about the Smart
mailing list