Re: rootkit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <fedora-list@xxxxxxxxxx>
Subject: Re: rootkit?
From: Tony Nelson <tonynelson@xxxxxxxxxxxxxxxxx>
Date: Mon, 12 Dec 2005 00:50:16 -0500
In-reply-to: <20051211173313.GA2923@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <1134289871.28658.1.camel@xxxxxxxxxxxxxxxxxxxxxxx> <200512110031.03504.gene.heskett@xxxxxxxxxxx> <1134279327.31877.45.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <200512110045.23394.gene.heskett@xxxxxxxxxxx> <1134280282.3320.68.camel@xxxxxxxxxxxxx> <f84880b00512102159g4718f0aanabae7ffb73cb308c@xxxxxxxxxxxxxx> <1134281336.31877.52.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <f84880b00512102220w36c3b946o5e662abe408f2ba@xxxxxxxxxxxxxx> <1134283076.31877.62.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1134289202.3177.6.camel@xxxxxxxxxxxxxxxxxxxxx> <1134289871.28658.1.camel@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

At 5:33 PM +0000 12/11/05, James Wilkinson wrote:
>Michael A. Peters wrote:
>> Sun use to (still does?) allow you to enter an md5sum and it would tell
>> you exactly what file it matched, along with what patch level.
>
>Ralf Corsepius replied:
>> rpm based systems have "rpm {-V|--verify}", which provide a comparable
>> feature.
>
>Unfortunately, this is pretty useless if you can't trust the RPM
>database.
>
>And on a compromised machine, you can't trust the RPM database.
>
>And, unfortunately, prelinking means that you can't even compare them to
>a "known good" machine.

You can use the RPM database from that machine, as RPM knows to "unprelink"
before doing its checks.

Or you can unprelink everything yourself.  man prelink
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
      '                              <http://www.georgeanelson.com/>

References:
- Re: rootkit?
  - From: Ralf Corsepius
- rootkit?
  - From: Gene Heskett
- Re: rootkit?
  - From: Craig White
- Re: rootkit?
  - From: Gene Heskett
- Re: rootkit?
  - From: Scot L. Harris
- Re: rootkit?
  - From: Kam Leo
- Re: rootkit?
  - From: Craig White
- Re: rootkit?
  - From: Kam Leo
- Re: rootkit?
  - From: Craig White
- Re: rootkit?
  - From: Michael A. Peters
- Re: rootkit?
  - From: James Wilkinson

Prev by Date: FC4 - Problems during the reboot process
Next by Date: Re: Alsa (Sound)
Previous by thread: Re: rootkit?
Next by thread: Re: rootkit?
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]