| View previous topic :: View next topic |
| Author |
Message |
Klavs
Guru
Joined: 22 May 2002
Posts: 536
Location: Denmark
|
 Posted: Tue Oct 15, 2002 7:04 am Post subject: Verifying package integrity? |
 |
|
Hi guys,
is it possible to verify package integrity of the packages installed via Emerge?
for instance with rpm I would do rpm -V <packagename> - could this be done with epm -V <packagename> (it doesn't work as of now)?
The major reason for my asking is that I'm using a kernel patch+utilities called vserver, that enables me to have a safe "root" server, which doesn't run services and from where I can keep a backup of my "rpm / epm /deb" database and verify my files and thus know for sure, wether or not my server has been hacked, and what they did to it.
See this link:http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=0.21
_________________
Best regards,
Klavs Klavsen
Denmark
Working with Unix is like wrestling a worthy opponent.
Working with windows is like attacking a small whining child
who is carrying a .38. |
|
| Back to top |
|
 |
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Tue Oct 15, 2002 7:25 am Post subject: |
|
|
While I'm not aware of an existing tool that does this (not to say that there isn't one: lots of things exist that I'm unaware of), the information needed to do this does seem to be present. Each installed package has a directory in /var/db/pkg, which contains a file CONTENTS. Each entry in CONTENTS (corresponding to a single file) has something that looks like an MD5 checksum and something that looks like a modification timestamp.
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
Klavs
Guru
Joined: 22 May 2002
Posts: 536
Location: Denmark
|
| Posted: Tue Oct 15, 2002 7:31 am Post subject: |
|
|
Indeed it does. And I guess the numbers after the md5sum, is the bits set on the file? if so the epm -V option be just as good as the RPM equivalent.. Gentoo will soon rule the world 
_________________
Best regards,
Klavs Klavsen
Denmark
Working with Unix is like wrestling a worthy opponent.
Working with windows is like attacking a small whining child
who is carrying a .38. |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Tue Oct 15, 2002 7:40 am Post subject: |
|
|
| Klavs wrote: | | And I guess the numbers after the md5sum, is the bits set on the file? |
I was guessing modification time in seconds since the epoch.
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
Klavs
Guru
Joined: 22 May 2002
Posts: 536
Location: Denmark
|
| Posted: Tue Oct 15, 2002 7:50 am Post subject: |
|
|
Darn.. It would really be good to have at least bit information (including suid/not suid) saved, so one can check that that hasn't changed.
otherwise, it can not replace aide/tripwire/etc. 
_________________
Best regards,
Klavs Klavsen
Denmark
Working with Unix is like wrestling a worthy opponent.
Working with windows is like attacking a small whining child
who is carrying a .38. |
|
| Back to top |
|
|
|
Portage & Programming
