From owner-freebsd-questions@FreeBSD.ORG Tue Feb 10 11:26:39 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A979816A4CE for ; Tue, 10 Feb 2004 11:26:39 -0800 (PST) Received: from clunix.cl.msu.edu (clunix.cl.msu.edu [35.9.2.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2363D43D1D for ; Tue, 10 Feb 2004 11:26:39 -0800 (PST) (envelope-from jerrymc@clunix.cl.msu.edu) Received: (from jerrymc@localhost) by clunix.cl.msu.edu (8.11.7p1+Sun/8.11.7) id i1AJQVQ07757; Tue, 10 Feb 2004 14:26:31 -0500 (EST) From: Jerry McAllister Message-Id: <200402101926.i1AJQVQ07757@clunix.cl.msu.edu> To: misterb@bmyster.com Date: Tue, 10 Feb 2004 14:26:30 -0500 (EST) In-Reply-To: <34605.207.5.142.198.1076441813.squirrel@new.host.name> from "Brent Bailey" at Feb 10, 2004 02:36:53 PM X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: questions@freebsd.org Subject: Re: checking checksums on binaries and checking for rootkits X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Feb 2004 19:26:39 -0000 > > hello, > im using FBSD 4.9 ... IS there a way to check the checksum on binairies > like "ls , ps" etc.. to check for rootkits ? > > On Solaris you can run md5 on a binary and compare it against a utility on > SUNS website that will cehck the finger print to see whether the binary is > part of a rootkit or the original binary. Does Freebsd have a tool like > this ? The checksums are available for the ISOs on the FreeBSd site in the same directory as the ISOs. As for individual routines, I don't know. ////jerry > > -- > Brent Bailey >