-----Original Message-----
From: Jonathan Hutchins
... I did a CRC check against ALL of the system files. They're fine. I checked RPM before I used it to check the rest of the system.
RPM's a great tool for a lot of things, including verifying system integrity. ...
It's VERY hard to hack an RPM system in such a way as to conceal tampering with files within the packages. Not impossible, but hard in a way that the low-level simplicity of rootedoor tends to contraindicate.
On this note, other than CRC checking and MD5 checksum options, is there any kind of an equivalent with Debian for this type of check? I'm guessing no. Although, it might be possible to build an RPM database of installed software on a Debian box and then use that as an additional check. Of course there's nothing stopping a cunning cracker from building an RPM database, setting the timestamp and copying it onto the cracked system. Something possible with Jonathan's box too. Jonathan, was your check done with a local copy of the RPM database, or an archived known good copy? Certainly, if I were a cracker, installing a new copy of the RPM database would be part of my initial and every subsequent loading of software onto a cracked system. After all, to be successful at cracking it is best to remain undetected.
Brian
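
The local-versus-archived question raised above, as an added example that is not part of the original messages: a checksum manifest stands in for the package database (this is not RPM itself), and the same verification is run once against an on-host copy that was rebuilt after a file changed and once against a copy taken earlier and kept off the host. The function names, the `bin/login` path and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest

def verify(root, manifest):
    """Return sorted (path, status) pairs for files that disagree with the manifest."""
    current = build_manifest(root)
    findings = []
    for path, digest in manifest.items():
        if path not in current:
            findings.append((path, "missing"))
        elif current[path] != digest:
            findings.append((path, "modified"))
    findings += [(p, "unexpected") for p in current if p not in manifest]
    return sorted(findings)

def demo():
    """Verify one changed file against an on-host and an archived manifest."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        target = os.path.join(root, "bin", "login")
        with open(target, "wb") as fh:
            fh.write(b"original packaged file\n")   # constructed sample content
        archived = build_manifest(root)   # known-good copy, stored off the host
        with open(target, "wb") as fh:
            fh.write(b"replaced file\n")            # file changed after the baseline
        local = build_manifest(root)      # on-host database rebuilt after the change
        return verify(root, local), verify(root, archived)

if __name__ == "__main__":
    local_result, archived_result = demo()
    print("against on-host database: ", local_result)
    print("against archived database:", archived_result)
```

The check against the on-host copy reports nothing, while the check against the archived copy flags the changed file, which is why the baseline has to live on read-only or off-host media.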