by 0x0 4288 days ago
Is there an easy way to re-validate that previously installed .debs haven't been modified? Perhaps a script to at least check all the debs in the local apt archive cache?

Also, does it really affect regular apt-get upgrades? "apt-get download" isn't a common way to run apt.

2 comments

Reading your post literally, you're asking how what amounts to mirror operators ensure their mirror is clean, and that's a long story, especially WRT proxies like approx, the apt-specific proxy, not just "real mirrors".

If you're asking more about verifying the files on your install, assuming you trust debsums and its data not to be pwned, then you'd run debsums -c or whatever. Of course a real attacker would have as their highest priority to mess with debsums and its data, hmm. Also debsums is quite slow and resource intensive, so pausing for 10 minutes doesn't mean it's crashed or infinite looped, it just means it's doing its thing. Finally, if you run vanilla and never compile and overwrite your own copy of "whatever" then debsums will work, but if for example you installed Debian's apache and then compiled your own apache and overwrote the Debian apache binaries (why?), all debsums is going to know is your apache isn't standard Debian apache, so that doesn't necessarily prove you're pwned or not pwned, it just proves you're not running Debian's apache binary.

Google debsums, and this link will probably help

https://packages.debian.org/sid/debsums

Whatever you do, don't run "debsums -e" and freak out. At least not without reading the manpage and thinking about it a bit. OK debsums, thanks for letting me know someone modified /etc/ntp.conf, but I think that was me; seeing as we have three GPS clocks on the LAN, I feel no need to panic. It is an interesting command to use to see how modified a machine's install is. Oh, I see you're running stock /etc/default/ssh and no modifications at all to /etc/sysctl.conf, how interesting.

No, because your attacker could just modify that script, if there is an attacker.

You can write a script yourself, and run it independently of apt, though.
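The kind of script the question asks for and the last comment suggests writing, added here as an example (not code from any poster): it re-hashes every .deb in the apt archive cache against the SHA256 field of a Packages index, the same check apt performs at download time. It assumes you would point it at a real index (/var/lib/apt/lists/*_Packages) and /var/cache/apt/archives; the index text and .deb files below are constructed inline so it runs offline, and, as the last comment notes, an attacker with root could alter this script or the index as easily as the cache.

```python
import hashlib
import os
import re
import tempfile

def parse_packages_index(text):
    """Map the basename of each .deb to its SHA256 from a Debian Packages index."""
    expected = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith(" "):  # skip continuation lines
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Filename" in fields and "SHA256" in fields:
            expected[os.path.basename(fields["Filename"])] = fields["SHA256"].lower()
    return expected

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream, .debs can be large
            h.update(chunk)
    return h.hexdigest()

def verify_cache(cache_dir, expected):
    """Return {deb filename: 'ok' | 'mismatch' | 'unknown'} for every .deb in cache_dir."""
    results = {}
    for name in sorted(n for n in os.listdir(cache_dir) if n.endswith(".deb")):
        if name not in expected:
            results[name] = "unknown"  # no index entry, so nothing to check against
            continue
        digest = sha256_of(os.path.join(cache_dir, name))
        results[name] = "ok" if digest == expected[name] else "mismatch"
    return results

def demo():
    """Constructed sample: one intact cached .deb and one whose hash no longer matches the index."""
    d = tempfile.mkdtemp()
    good, bad = b"!<arch>\ngood-package", b"!<arch>\ntampered-package"
    for fname, data in (("good_1.0_amd64.deb", good), ("tampered_1.0_amd64.deb", bad)):
        with open(os.path.join(d, fname), "wb") as f:
            f.write(data)
    index = ("Package: good\nFilename: pool/main/g/good/good_1.0_amd64.deb\n"
             f"SHA256: {hashlib.sha256(good).hexdigest()}\n\n"
             "Package: tampered\nFilename: pool/main/t/tampered/tampered_1.0_amd64.deb\n"
             f"SHA256: {'0' * 64}\n")
    return verify_cache(d, parse_packages_index(index))
```

Running demo() reports the first file as ok and the second as mismatch; a .deb absent from the index is reported as unknown rather than silently passed.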