Hi,

Dave Dittrich <dittrichat_private> wrote

> I wouldn't trust the RPM database on the system to tell you the truth,
> as it could be modified easily just like the original programs.
> Better to check against the original CD-ROM and/or a trusted archive.

That you cannot trust any data on a probably infested host doesn't
necessarily mean you cannot gain any information from it. It's just a
question of interpretation:

- An rpm-test that doesn't show any errors can strengthen the assumption
  that everything is all right, though it will never be a proof.

On the other side:

- If the rpm-integrity test fails on several files, you'll know
  immediately that something is very wrong.

So I think the rpm-integrity test serves very well as proof of the
existence of a hacker.

Regards,

Holger

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
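The asymmetric reading discussed in this message, as an added example that is not part of the original post: a small Python triage of `rpm -Va` output in which failures count as evidence and a clean run is reported as inconclusive. The directory list, the `threshold` value for "several files" and the sample output are assumptions made for illustration; the output should be collected with an rpm binary and database you trust, as the quoted reply advises.

```python
import re

# One rpm -V output line: flag field (8 chars on older rpm, 9 on newer) or
# the word "missing", an optional attribute marker (c = config), the path.
LINE = re.compile(
    r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

# Assumption: packaged files under these directories are not edited by hand.
BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/usr/lib/")

# Constructed sample output, not taken from a real host.
SAMPLE = """\
S.5....T  c /etc/inetd.conf
S.5....T    /bin/ls
S.5....T    /bin/ps
missing     /usr/sbin/tcpd
.......T    /usr/share/doc/foo/README
"""

def triage(output):
    """Split failed files into (suspicious, explainable) path lists."""
    suspicious, explainable = [], []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        flags, attr, path = m.groups()
        # Size (S) or digest (5) mismatch, or the file is gone entirely.
        content_changed = flags == "missing" or "S" in flags or "5" in flags
        if content_changed and attr != "c" and path.startswith(BIN_DIRS):
            suspicious.append(path)
        else:
            explainable.append(path)
    return suspicious, explainable

def verdict(output, threshold=2):
    """threshold is an assumed reading of 'several files'."""
    suspicious, _ = triage(output)
    if len(suspicious) >= threshold:
        return "compromise likely: " + ", ".join(suspicious)
    if suspicious:
        return "investigate: " + ", ".join(suspicious)
    return "no evidence found (not proof of integrity)"

if __name__ == "__main__":
    print(verdict(SAMPLE))
    print(verdict(""))
```
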
This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 08:33:58 PST