On 2008-10-27 08:24 +0100, David Baron wrote:

> The newest debsums from Sid can do a daily check for md5 disagreement. Useful
> for security?

Not really. An attacker that can modify system files can and will also
update the md5sums under /var/lib/dpkg/info. Besides, scanning each and
every installed file takes _really_ long, so it is not recommended to
run this daily.

> This check flags a load of missing files which are either obsolete -- maybe I
> once had 'em but they are long gone -- or ... I never had 'em.
>
> Two prime examples:
>
> The former, Sun Java 1.5 stuff. Has been superseded by 1.6 and this was always
> be Sun's installation rather than anything from Debian. The latter
> /usr/loca/Adobe . . . acrobat stuff. I never had a local version. Most entries
> seem to be internationalization stuff.

Do you have localepurge installed? It will delete many l10n files that
debsums will report then.

> There is a (now empty) /etc/debsums-ignore. If this can be set to exclude
> directories, I can easily suppress the check on these files.

That's not how it works, unfortunately. These files will still be
checked, only the final output is filtered. Have a look at debsums' cron
script to convince yourself if you don't trust me.

> Question is where
> the program gets the info to look for them in the first place?

From the *.md5sums files under /var/lib/dpkg/info.

Sven
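Added example (not part of the original thread and not debsums' own code): a small Python model of the two points in the reply above, namely that a check against the on-host *.md5sums manifest passes once that manifest has been rewritten, while a copy kept off the host still flags the file, and that ignore patterns only filter the report. The temporary directory, file names and ignore pattern are constructed, and treating the ignore list as regular expressions is an assumption.

```python
import hashlib, os, re, tempfile

def parse_md5sums(text):
    """Parse dpkg's *.md5sums format: '<md5hex>  <path relative to />'."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path] = digest
    return entries

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check(root, manifest, ignore=()):
    """Return (reported, examined). Every manifest entry is examined;
    ignore patterns only filter what ends up in the report."""
    reported, examined = [], 0
    for rel, want in sorted(manifest.items()):
        examined += 1
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            status = "MISSING"
        else:
            status = "OK" if md5_of(full) == want else "FAILED"
        if status != "OK" and not any(re.search(p, rel) for p in ignore):
            reported.append((rel, status))
    return reported, examined

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in for /
        os.makedirs(os.path.join(root, "usr/bin"))
        target = os.path.join(root, "usr/bin/tool")
        with open(target, "wb") as f:
            f.write(b"original\n")
        # Manifest taken while the system was known good and kept off-host.
        trusted = parse_md5sums(md5_of(target) + "  usr/bin/tool\n"
                                + "0" * 32 + "  usr/share/locale/de/tool.mo\n")
        # The file changes and the on-host manifest is rewritten to match.
        with open(target, "wb") as f:
            f.write(b"modified\n")
        local = {**trusted, "usr/bin/tool": md5_of(target)}
        ignore = [r"^usr/share/locale/"]  # constructed pattern (purged l10n file)
        return check(root, local, ignore), check(root, trusted, ignore)
```

`demo()` returns the on-host result first and the off-host result second; both examine two entries, but only the second reports `usr/bin/tool` as `FAILED`.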