[techtalk] bizarre....

Nils Philippsen nils at wombat.dialup.fht-esslingen.de
Mon Dec 13 13:59:10 EST 1999

On Sun, 12 Dec 1999, Cynthia Dale wrote:

> 2. If your are running Red Hat Linux, run rpm -Va >rpmlist and check that
> out for a few things:
> MD5 sums
> missing files
> added files

You won't catch added files with rpm -Va -- they're just not in the
database, so they won't get checked. You might want to find setuid/setgid
binaries with 'find / -perm +6000' and ensure that they're ok:

find / -perm +6000 > /tmp/suidfiles
rpm -qf `cat /tmp/suidfiles` 2>/tmp/nopkgsuid | sort | uniq >/tmp/suidpkgs

In /tmp/nopkgsuid you'll find the files that are suid and don't belong to
a package (check those carefully). With 'rpm -V `cat /tmp/suidpkgs`' you
can verify the packages that hold suid files.

> If you're not running Red Hat, it will be a little more difficult.  Check

If you're not running a distro with RPM ... (almost anything except
Slackware, Debian, Corel (Debian derivative) and Stampede IIRC).

 Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg // +49.7152.209647
nils at wombat.dialup.fht-esslingen.de / nils at fht-esslingen.de / nils at redhat.de
   The use of COBOL cripples the mind; its teaching should, therefore, be
   regarded as a criminal offence.                  -- Edsger W. Dijkstra

techtalk at linuxchix.org   http://www.linuxchix.org

More information about the Techtalk mailing list