Suppose someone got root access to my machine and replaced some files, e.g.
Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
Warning: The file properties have changed:
File: /usr/bin/lynx
Current hash: 95e81c36428c9d955e8915a7b551b1ffed2c3f28
Stored hash : a46af7e4154a96d926a0f32790181eabf02c60a4
Warning: The file properties have changed:
File: /usr/bin/perl
Current hash: 9421cf93b65a5f19bcd488701829b467ebdee94e
Stored hash : cf8654ebebf4090950b2d08a48e793f5971dbbe0
Current inode: 1187480 Stored inode: 1272435
Current file modification time: 1353976294 (27-Nov-2012 04:31:34)
Stored file modification time : 1303497765 (22-Apr-2011 22:42:45)
Warning: The file properties have changed:
File: /usr/bin/rpm
Current hash: 9b04ded7ba468b19f06d4d0e37be0e6845a4800a
Stored hash : 0480bbd95f7f2f674476c431002fbe276a3fe160
Current inode: 1237990 Stored inode: 1241342
Current file modification time: 1358445795 (17-Jan-2013 22:03:15)
Stored file modification time : 1261508004 (22-Dec-2009 21:53:24)
Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
Warning: The file properties have changed:
File: /usr/bin/lynx.cur
Current hash: 95e81c36428c9d955e8915a7b551b1ffed2c3f28
Stored hash : a46af7e4154a96d926a0f32790181eabf02c60a4
Current inode: 1188390 Stored inode: 1239733
Current file modification time: 1353340520 (19-Nov-2012 19:55:20)
Stored file modification time : 1262672629 (05-Jan-2010 09:23:49)
debsums shows all OK, but what if installed packages checksums were upated along the files?
Can I verify local checksums to ones in repositories?
0 Answers