
Re: Checksums for OpenBSD system files



On Tue, Dec 04, 2001 at 03:15:09AM -0000, Dr. Evil wrote:
> Hi, I am trying to find out if my BSD machine has possibly been
> hacked.  I realize that the ideal thing to do if there is any question
> is to wipe the machine and reinstall, but I have absolutely no
> physical access at this time, so that's not an option.  What I would
> like to do is to get a list of the MD5 sums of all the important files
> in the standard install.  Is there such a list?  Or should I download
> the images, unpack them and md5 them?  This is with 2.8, btw.

speaking of that, *if* the machine got hacked, there is no way you can
get a negative confirmation. anything on the hacked system may be
modified, including md5sum.

that said, if you want to be reasonably sure, at least copy over your
own md5sum and preferably at least one more such tool (shasum?), maybe 
even your own shell to work with. while sshd is most likely trojaned as 
well, it is unlikely that it will intelligently modify binaries in-transit. 
that still leaves the filesystem and kernel, though.

good hunting. :)

-- 
http://web.lemuria.org/pubkey.html
pub  1024D/D88D35A6 2001-11-14 Tom Vogt <tom_(_at_)_lemuria_(_dot_)_org>
     Key fingerprint = 276B B7BB E4D8 FCCE DB8F  F965 310B 811A D88D 35A6
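
One way to run the comparison discussed in this thread, as an added example that is not part of the original messages: hash a reference tree unpacked from the install sets and a tree taken from the suspect host with both MD5 and SHA-1, then diff the two manifests. The function names and sample files are constructed for illustration; as the reply notes, digests read on the suspect host still depend on its kernel and filesystem being honest.

```python
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1")  # two independent digests, as the reply suggests


def digest_tree(root, algos=ALGOS):
    """Map each regular file under root (relative path) to its hex digests."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # regular files only; symlinks are not followed
            hashers = [hashlib.new(a) for a in algos]
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    for h in hashers:
                        h.update(chunk)
            manifest[os.path.relpath(path, root)] = tuple(
                h.hexdigest() for h in hashers)
    return manifest


def compare(reference, suspect):
    """A file counts as modified if any of its digests differs."""
    return {
        "modified": sorted(p for p in reference
                           if p in suspect and suspect[p] != reference[p]),
        "missing": sorted(p for p in reference if p not in suspect),
        "extra": sorted(p for p in suspect if p not in reference),
    }


def demo():
    """Constructed sample trees: 'ref' = unpacked sets, 'sus' = copy of host."""
    def put(root, rel, data):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    with tempfile.TemporaryDirectory() as ref, \
            tempfile.TemporaryDirectory() as sus:
        for root, rel, data in [
            (ref, "bin/ls", b"ls-v1"), (sus, "bin/ls", b"ls-v1"),
            (ref, "bin/login", b"login-v1"), (sus, "bin/login", b"login-x"),
            (ref, "bin/ps", b"ps-v1"), (sus, "bin/extra", b"?"),
        ]:
            put(root, rel, data)
        return compare(digest_tree(ref), digest_tree(sus))
```

Files reported as "extra" are worth as much attention as modified ones, since they are absent from the reference set.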