This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Overall Integrity Check for Astaro

I'm finding enough curious behavior on my home network to suspect that I've been compromised. I had a physical break-in to my server room last summer and suspect this might be related.

Regarding Astaro, is there a function that can verify the integrity of the files currently installed?

I believe I need to reinstall everything from the ground up, but was hoping for some form of integrity check like a global md5 checksum daemon that would verify that no critical files have been compromised, altered, or exchanged.

Thoughts or suggestions?

This thread was automatically locked due to age.

0 BrucekConvergent over 17 years ago

There's not a built-in way to do this... if you're worried about it being compromised, backup your config, zap the appliance or computer with a clean .iso image, then reload your config (and check it over to see if any changes have been made)... but if you had a physical break in, your servers are much more likely to be the compromised items, or at least as likely... if you weren't running anything like Tripwire, etc. there's no telling what's been done to those servers.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 17 years ago

There are ways to verify files with RPM, but the results are somewhat difficult to interpret...

rpm -Va

You can do this as LOGINUSER; it doesn't need root access as it doesn't change anything.

http://nakedape.cc/wiki/PackageManagerCheatsheet

Note that a good rootkit may still not be detectable this way... in that case, consider booting off of a CD such as RIP or BackTrack and running some of the rootkit checkers such as ChkRootkit or Rootkit Hunter.

Another option would be to boot of a CD, md5 all the binaries, and compare that with a clean install of the same version.
AIDE or TripWire may be able to simplify that, if they can work off of a CD.

Barry
Cancel
Vote Up 0 Vote Down

Cancel