verify binary files

Author: Kevin Buettner
Date:  
Subject: verify binary files
On Feb 22, 2:22pm, der.hans wrote:

> On Feb 22, 2001, Kevin Buettner chattered thus:
>
> > On Feb 22, 1:09pm, Craig White wrote:
> >
> > > If I recall, someone listed a command that would verify and list any
> > > binaries that had changed - does anyone know what the command was?
> >
> > It depends on the distribution. On Red Hat systems, try ``rpm --verify''.
>
> That should work for any rpm-based dist, right?


Right.

> It'll cover anything installed from the package management system,
> but will miss the stuff installed from tarballs, etc.


Right again.

> Craig might be looking for tripwire, though. I think there's an Open
> Source package on Source Forge that does the same stuff as tripwire.
>
> I don't see a similar option for dpkg or apt-get. The /usr/ports stuff
> would have to use something similar to tripwire.


Can someone give me a brief primer on how tripwire is implemented? I
read somewhere recently that it uses a kernel module on linux and
basically watches for open() calls (where write access is requested)
on specific system files. Is this right or not?
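
As an added example (not part of the original message), here is a shell filter over the output of the `rpm --verify` command mentioned in the thread. It lists non-config files that are missing or whose digest or mode changed. The function names and sample lines are constructed, and the assumed line layout is the one rpm prints: attribute flags, an optional one-letter file marker, then the path.

```shell
#!/bin/sh
# Added example: reduce `rpm --verify` output to changed or missing files.
# changed_files and sample_verify_output are hypothetical names.

# Input lines look like "<flags> [c|d|g|l|r] <path>" or "missing [marker] <path>".
# Flag positions used here: 2 = M (mode differs), 3 = 5 (digest differs).
# Files marked "c" (config) are skipped, since local edits to them are expected.
changed_files() {
    awk '
        {
            flags = $1
            marker = ""; start = 2
            # Paths begin with "/", so a lone letter in field 2 is the marker.
            if (NF >= 3 && $2 ~ /^[cdglr]$/) { marker = $2; start = 3 }
            if (marker == "c") next
            path = $start
            for (i = start + 1; i <= NF; i++) path = path " " $i
            reason = ""
            if (flags == "missing") {
                reason = "missing"
            } else if (length(flags) >= 8 && flags ~ /^[.?A-Z0-9]+$/) {
                if (substr(flags, 3, 1) == "5") reason = "digest"
                if (substr(flags, 2, 1) == "M")
                    reason = (reason == "" ? "mode" : reason "+mode")
            }
            if (reason != "") print reason, path
        }'
}

# Constructed sample of verify output (not captured from a real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/passwd
.M.......    /usr/sbin/sshd
missing      /usr/bin/top
.......T.  d /usr/share/doc/foo/README
SM5....T.    /bin/login
EOF
}

# Demo on the sample; on an rpm-based system use: rpm -Va | changed_files
sample_verify_output | changed_files
```

As the thread notes, this only covers files installed through the package manager; anything installed from tarballs never appears in the verify output.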