SUSE Linux iTOps Tube

Wednesday, May 9, 2012

Find out binary file tampering

Hello,

I have a box that I recently leased.

I hardened it pretty well, but I'm worried that I may have missed something buried somewhere.

I ran chkrootkit and tiger and found nothing.

My questions are:

1 - How can I find the md5 of Debian 6 binaries, such as the following files:

/etc/passwd
/bin/netstat
/bin/ls
/bin/login
/bin/cat
/bin/ps
/usr/bin/last
/usr/bin/apt-get

2 - Other than finding the md5sum of those files and comparing, are there other methods of finding out if they've been tampered with?



3 - I ran the following to find setgid and got the following (I know most of them are normal, but I just want to get a 2nd opinion on the ones I don't know; I put * next to them):

find / -user root -perm -4000 -print

/bin/mount
/bin/su
/bin/umount
/bin/ping
/bin/ping6
/usr/bin/sudoedit
/usr/bin/gpasswd *
/usr/bin/newgrp *
/usr/bin/chfn *
/usr/bin/sudo
/usr/bin/passwd
/usr/bin/chsh *
/usr/sbin/exim4 *
/usr/lib/pt_chown *
/usr/lib/openssh/ssh-keysign



Thank you all
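
One way to script the comparison asked about in question 1, as an added example that is not part of the original post. It assumes trusted copies of the packages' .md5sums manifests (the format dpkg keeps under /var/lib/dpkg/info/); check_files and demo are hypothetical names, and the demo tree and its file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Checks named files against
# dpkg-style manifests, whose lines are "<md5>  <path relative to />", the
# format of /var/lib/dpkg/info/<package>.md5sums on Debian.

# check_files ROOT INFO_DIR PATH...
# ROOT is the tree to inspect (for instance the suspect disk mounted
# read-only from rescue media); INFO_DIR holds trusted *.md5sums files.
# Prints one verdict per path; returns 0 only if every path is OK.
check_files() {
    root=$1 info=$2; shift 2
    rc=0
    for p in "$@"; do
        rel=${p#/}
        # Look up the recorded hash for this exact relative path.
        want=$(cat "$info"/*.md5sums 2>/dev/null | awk -v f="$rel" '
            { h = $1; sub(/^[^ ]+ +/, ""); if ($0 == f) { print h; exit } }')
        if [ -z "$want" ]; then
            echo "UNTRACKED $p"; rc=1   # no manifest has a checksum for it
        elif [ ! -f "$root/$rel" ]; then
            echo "MISSING $p"; rc=1
        elif [ "$(md5sum < "$root/$rel" | cut -d' ' -f1)" = "$want" ]; then
            echo "OK $p"
        else
            echo "MODIFIED $p"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a throwaway tree with one intact file, one altered
# after the manifest was written, one deleted, and one never packaged.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/bin" "$d/root/etc" "$d/info"
    printf 'ls-binary\n' > "$d/root/bin/ls"
    printf 'ps-binary\n' > "$d/root/bin/ps"
    printf 'root:x:0:0\n' > "$d/root/etc/passwd"
    (cd "$d/root" && md5sum bin/ls bin/ps) > "$d/info/demo.md5sums"
    echo "d41d8cd98f00b204e9800998ecf8427e  bin/cat" >> "$d/info/demo.md5sums"
    printf 'altered\n' >> "$d/root/bin/ps"   # change made after the baseline
    check_files "$d/root" "$d/info" /bin/ls /bin/ps /bin/cat /etc/passwd || true
    rm -rf "$d"
}

demo
```

A manifest read from the same disk as the binaries can have been rewritten along with them, so the result is only as trustworthy as the source of INFO_DIR and of the md5sum binary doing the hashing.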










