Date: Wed, 12 Dec 2001 01:40:56 -0500
From: "Peter C. Lai"
To: Landon Stewart
Cc: security@FreeBSD.ORG
Subject: Re: MD5 sum checking for installed binaries to check for intrusion or root kits...
Message-ID: <20011212014056.A99465@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
In-Reply-To: <3C16FB8C.9020908@uniserve.com>; from landons@uniserve.com on Tue, Dec 11, 2001 at 10:39:08PM -0800

If you were running tripwire, that would have done the job for you
otherwise...but it seems like it either wouldn't have mattered, or
it doesn't matter now...

On Tue, Dec 11, 2001 at 10:39:08PM -0800, Landon Stewart wrote:
> A while ago (a few months) recently several administrators were let go,
> but were left to their own devices in the NOC until late that night.
> (Don't ask me why because I couldn't tell ya!) I have not noticed any
> strange happenings on any of the systems.
>
> They could have done who knows what to whatever system(s) they wanted
> to. Without someone saying "reformat the machines or reinstall" because
> that's the obvious answer, is there a way to check which files differ
> from the size they should be and have the correct MD5 sum than they
> should or is this asking too much?
>
> They are all FreeBSD machines (100%), however they differ in their
> version. Some are 4.0, 4.3 etc...
>
> --
> Landon Stewart
>
> Right of Use:
> The sender intends this message for a specific recipient and, as it
> may contain information that is privileged or confidential, any use,
> dissemination, forwarding, or copying by anyone without permission
> from the sender is prohibited. Personal e-mail may contain views
> that are not necessarily those of the company.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542
203.206.3784