On 2007-07-29, Mathias Brodala <[EMAIL PROTECTED]> wrote:
> Hi Douglas.
>
> Douglas Allan Tutty, 29.07.2007 18:35:
>> Boot the box from something like the install CD, go to a shell, mount
>> your / partition ro, noexec.
>>
>> I think the install CD has md5sum installed. Run:
>> #md5sum /bin/login.
>>
>> On my i386, I get:
>>
>> 2ee32ff74e474c4d9fc9df6f1460980f /bin/login
>
> You should also tell the exact version of the "login" package you are using.
> Otherwise this number is useless.
>
> With 1:4.0.18.1-11 on i386 I get this:
>
>> 004a41bb9196f1888bd89c2245910f46 /bin/login

Which is just what I got too. I found an old Mepis CD, booted into that,
mounted my / partition, ran md5sum on /bin/login, and out came the same
answer, for the same version of /bin/login.

So I'm going to proceed as if I've been lucky, have not been rootkit-ed,
and will continue on with hardening my laptop without reinstalling.

Thanks for your help!

Tyler
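
The check described in this thread (boot trusted media, mount the suspect root read-only, compare md5sum output with a known-good value for the same package version), as an added shell example that is not part of the original messages. It generalizes from /bin/login to every file listed in a manifest in dpkg's md5sums format; the function name verify_root and the idea of carrying the manifest on the rescue media are assumptions.

```shell
#!/bin/sh
# Added example: verify files under an offline-mounted root against a
# trusted manifest in dpkg md5sums format ("<md5>  <relative/path>").
# Assumption: the manifest comes from trusted media (for instance the
# md5sums control file of the .deb for the exact installed version),
# never from the suspect disk itself.
#
# usage (after mounting the suspect / ro,noexec on MOUNTPOINT):
#   verify_root MOUNTPOINT MANIFEST

verify_root() {
    root=$1
    manifest=$2
    bad=0
    seen=0
    while read -r want path; do
        [ -n "$want" ] || continue          # skip blank lines
        seen=$((seen + 1))
        target="$root/$path"
        # An absolute symlink inside the mounted root would resolve to the
        # rescue system's own file and hash as "clean", so reject anything
        # that is not a regular, non-symlink file.
        if [ -L "$target" ] || [ ! -f "$target" ]; then
            echo "NOT-REGULAR $path"
            bad=$((bad + 1))
            continue
        fi
        got=$(md5sum < "$target" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $path"
        else
            echo "MISMATCH $path (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    # Succeed only if at least one file was checked and none failed;
    # an empty manifest must not read as a clean result.
    [ "$bad" -eq 0 ] && [ "$seen" -gt 0 ]
}
```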