[plug] The Community's gone Crackers
skribe
skribe at amber.com.au
Wed Aug 23 10:57:48 WST 2000
At 15:53 22/08/00, Colin Rothnie wrote:
>If you have installed a RedHat or similar RPM based system, and assuming you
>can still log on to your own machine, you should check the output of the
>'rpm -Va' command to see which files have changed since the original
>installation (see the rpm man page for details of the -V option). Pay
>special attention to any files in /sbin or /usr/sbin that are different to
>the RPM version.
Is it technically possible to forge the rpmdb so that even this doesn't
show up the compromised progs? For example, installing your own version of
the rpm package. Or rewriting the info in the db so the discrepancies
don't show up. I'm not sure the later is even possible practically, but
theoretically it is something to consider.
skribe
Purity: 62.0%
Corruption: 38.0%
Insanity: 36.3636363636364%
Weirdness factor: 31%
Experience Level: JonKatz Wannabe
Medieval Career: Black Knight
More information about the plug
mailing list