/tagged/Linux/page/2

How to generate an MD5sums file of packages

Start by querying the Red Hat package manager

rpm -ql coreutils | grep bin > files1

This gets a listing of all the executables in that rpm, dumping them into a file called files1.

Next, copy the file to a file called “file2”, open up file 2, and go through it, deleting every line that contained a file rkhunter had told you about (there were several executables in coreutils that didn’t get updated as a result of this bugfix).  At this point you have a file with all the files in the package, and a file with the all the files in the package that DIDN’T change. Next, run the following command:

diff file1file2 | grep \< | cut -d \< -f 2 > changedfiles

This command takes all the lines in file1 that aren’t in file2 and dumps them into a file called “changedfiles”.  Unfortunately, it results in a leading whitespace in each line, which can be manually removed since there probably aren’t that many lines.  The number of lines should be equal to the number of files that rkhunter warned you about.

Using this file, run the following bourne shell script to get a checksum of all the files into the file called “md5sums”:

#!/bin/sh

FILELIST=`cat changedfiles`;
for FILE in $FILELIST
do
md5sum $FILE » md5sums
done

Finally, compare the checksums and md5sums against RHN, made sure they were all good.

md5sum -c md5sums | grep -v OK

No news is good news at this point, it means that all the files matched, so go ahead and update rkhunter’s database with the current hash values.

2 years ago 

Red Hat Shenanigans

An “update” or “patch” in Linux is just a file that overwrites the old file, so it will have a different hash value than the old file. Rootkit Hunter will warn you about this, and it gets annoying!

The procedure for this sort of event is as follows:

  1. Look at the files that rkhunter tells us have changed, and try to figure out what package they’re in.  We do this by using the —whatprovides flag in the rpm command.  For the /bin/basename file, we would do: 

    [root@boxname ~]# rpm -q --whatprovides /bin/basename 
    coreutils-5.97-23.el5_4.1

    We can see from the output that that file is part of the coreutils package.
  2. Query the rpm database to find out when the coreutils package was last updated: 
    [root@boxname ~]# rpm -q --last coreutils 

    coreutils-5.97-23.el5_4.1 ... 04:36:11 AM PDT

    We can see it was last updated at 4:36 AM this morning.
  3. Now we need to know whether or not it was supposed to be updated.  If we’ve received an RHN email saying that there’s a coreutils update available (it might even list the box by name), we can be pretty confident that the update is legit.  If not, we log into RHN and check the Event History for this machine (click on the machine in the list you see under “Systems”, click the “Events” tab, and click the “History” tab under that.)  If we see something like: 
    Errata Update: RHBA-2009:1511-1 - coreutils bug fix update scheduled by (Red Hat)


    with a green check mark next to it, it’s clear that RHN successfully applied the update to the coreutils package at 7:36 AM eastern time.  Since this matches the time in our query from step 2 (we’re off by a few seconds, but that’s probably okay), we can be pretty sure that the update is legit.  If we REALLY want to be sure, we can search for the coreutils package on RHN, look at the file listing, check the md5sum listed for the /bin/basename file, and compare it to the md5sum of that file on the local box (remember rkhunter uses sha1sum, so we would need to manually generate the md5sum using the “md5sum” command).  If they match, we know for sure we’re okay.
  4. Once we’re sure the file(s) are legit, we update the hashes in the rkhunter database using rkhunter --propupd.

2 years ago 

RK Hunter: an overview from CSU Fresno

Even though installing RKhunter is as easy as yum install rkhunter I wanted to know how it works and what goes on behind the scenes. Assistant Professor Gregory R. Kriehn from the CSUFreno department of Electrical and Computer Engineering provided this nice overview of a manual install. Good stuff, thanks Prof. Kriehn!

2 years ago 

Use md5sum to Verify Data Integrity

So I started with this how-to article, and am working with the Red Hat Network’s MD5 sum values…

2 years ago 

Accountability Pal 0.1.1

Accountability Pal 0.1.1
Copyright (C) 2005 Brian C. Wiles. All Rights Reserved.
http://www.accountabilitypal.org/

README
January 9, 2005

CONTENTS:
INSTALLATION FROM SOURCE CODE ON LINUX/UNIX


This program is in its early development stages, but it should work for
basic web and file sharing monitoring. If you already know what
Accountability Pal is and just want to get down to using it, skip to
the installation sections below.

If you have any questions, feel free to contact me via the SourceForge
Project Page at:

http://sourceforge.net/projects/accpal

INSTALLATION FROM SOURCE CODE ON LINUX/UNIX
—————————————————————-

Prior to installing, you will need the following installed:

- libharu PDF library
http://sourceforge.net/projects/libharu/


Next, you will need to do the following:

1. The usual:

./configure
make
make install

2. Edit /etc/accpal.conf as needed.

3. Run “accpal” to start monitoring.

4. To generate reports, run “apreport”.


My preferred method of configuring above is:

./configure —prefix=/usr —sysconfdir=/etc

Your mileage may vary. Visit http://www.accountabilitypal.org for details and support.

2 years ago 

Fedora keyboard shortcuts

2 years ago 

Accountability software for Linux?

Hmmm… Accountabilitypal looks like an interesting project. Like having x3watch for Linux. There are other projects that I have been looking at: http://www.hanclinto.com/mediawiki/index.php/BarEleazar makes use of the driftnet project. There does seem to be a lack of this software for the Linux platform… Right now I will be investigating NET-responsibility

2 years ago 

How to generate an MD5sums file of packages

Start by querying the Red Hat package manager

rpm -ql coreutils | grep bin > files1

This gets a listing of all the executables in that rpm, dumping them into a file called files1.

Next, copy the file to a file called “file2”, open up file 2, and go through it, deleting every line that contained a file rkhunter had told you about (there were several executables in coreutils that didn’t get updated as a result of this bugfix).  At this point you have a file with all the files in the package, and a file with the all the files in the package that DIDN’T change. Next, run the following command:

diff file1file2 | grep \< | cut -d \< -f 2 > changedfiles

This command takes all the lines in file1 that aren’t in file2 and dumps them into a file called “changedfiles”.  Unfortunately, it results in a leading whitespace in each line, which can be manually removed since there probably aren’t that many lines.  The number of lines should be equal to the number of files that rkhunter warned you about.

Using this file, run the following bourne shell script to get a checksum of all the files into the file called “md5sums”:

#!/bin/sh

FILELIST=`cat changedfiles`;
for FILE in $FILELIST
do
md5sum $FILE » md5sums
done

Finally, compare the checksums and md5sums against RHN, made sure they were all good.

md5sum -c md5sums | grep -v OK

No news is good news at this point, it means that all the files matched, so go ahead and update rkhunter’s database with the current hash values.

Red Hat Shenanigans

An “update” or “patch” in Linux is just a file that overwrites the old file, so it will have a different hash value than the old file. Rootkit Hunter will warn you about this, and it gets annoying!

The procedure for this sort of event is as follows:

  1. Look at the files that rkhunter tells us have changed, and try to figure out what package they’re in.  We do this by using the —whatprovides flag in the rpm command.  For the /bin/basename file, we would do: 

    [root@boxname ~]# rpm -q --whatprovides /bin/basename 
    coreutils-5.97-23.el5_4.1

    We can see from the output that that file is part of the coreutils package.
  2. Query the rpm database to find out when the coreutils package was last updated: 
    [root@boxname ~]# rpm -q --last coreutils 

    coreutils-5.97-23.el5_4.1 ... 04:36:11 AM PDT

    We can see it was last updated at 4:36 AM this morning.
  3. Now we need to know whether or not it was supposed to be updated.  If we’ve received an RHN email saying that there’s a coreutils update available (it might even list the box by name), we can be pretty confident that the update is legit.  If not, we log into RHN and check the Event History for this machine (click on the machine in the list you see under “Systems”, click the “Events” tab, and click the “History” tab under that.)  If we see something like: 
    Errata Update: RHBA-2009:1511-1 - coreutils bug fix update scheduled by (Red Hat)


    with a green check mark next to it, it’s clear that RHN successfully applied the update to the coreutils package at 7:36 AM eastern time.  Since this matches the time in our query from step 2 (we’re off by a few seconds, but that’s probably okay), we can be pretty sure that the update is legit.  If we REALLY want to be sure, we can search for the coreutils package on RHN, look at the file listing, check the md5sum listed for the /bin/basename file, and compare it to the md5sum of that file on the local box (remember rkhunter uses sha1sum, so we would need to manually generate the md5sum using the “md5sum” command).  If they match, we know for sure we’re okay.
  4. Once we’re sure the file(s) are legit, we update the hashes in the rkhunter database using rkhunter --propupd.

RK Hunter: an overview from CSU Fresno

Even though installing RKhunter is as easy as yum install rkhunter I wanted to know how it works and what goes on behind the scenes. Assistant Professor Gregory R. Kriehn from the CSUFreno department of Electrical and Computer Engineering provided this nice overview of a manual install. Good stuff, thanks Prof. Kriehn!

Use md5sum to Verify Data Integrity

So I started with this how-to article, and am working with the Red Hat Network’s MD5 sum values…

Accountability Pal 0.1.1

Accountability Pal 0.1.1
Copyright (C) 2005 Brian C. Wiles. All Rights Reserved.
http://www.accountabilitypal.org/

README
January 9, 2005

CONTENTS:
INSTALLATION FROM SOURCE CODE ON LINUX/UNIX


This program is in its early development stages, but it should work for
basic web and file sharing monitoring. If you already know what
Accountability Pal is and just want to get down to using it, skip to
the installation sections below.

If you have any questions, feel free to contact me via the SourceForge
Project Page at:

http://sourceforge.net/projects/accpal

INSTALLATION FROM SOURCE CODE ON LINUX/UNIX
—————————————————————-

Prior to installing, you will need the following installed:

- libharu PDF library
http://sourceforge.net/projects/libharu/


Next, you will need to do the following:

1. The usual:

./configure
make
make install

2. Edit /etc/accpal.conf as needed.

3. Run “accpal” to start monitoring.

4. To generate reports, run “apreport”.


My preferred method of configuring above is:

./configure —prefix=/usr —sysconfdir=/etc

Your mileage may vary. Visit http://www.accountabilitypal.org for details and support.

Fedora keyboard shortcuts

Accountability software for Linux?

Hmmm… Accountabilitypal looks like an interesting project. Like having x3watch for Linux. There are other projects that I have been looking at: http://www.hanclinto.com/mediawiki/index.php/BarEleazar makes use of the driftnet project. There does seem to be a lack of this software for the Linux platform… Right now I will be investigating NET-responsibility

How to generate an MD5sums file of packages
Red Hat Shenanigans
RK Hunter: an overview from CSU Fresno
Use md5sum to Verify Data Integrity
Accountability Pal 0.1.1
Fedora keyboard shortcuts
Accountability software for Linux?

About:

Feralo is the creative portfolio of Noah Spahn. Spahn is a painter with degree in Studio Arts from Biola University, a deep interest in several marked periods of Art History, and Artists ranging from Caravaggio to Immendorf.

His work is typically a veiled glimpse into some facet of his current musings. The mediums used vary as much as their application, whilst the human form is generally the vehicle. Themes may include transcendental aesthetics or the rejection of visceral urges amidst the complexities of commonplace social environs. He has also been known to produce the occasional 'automatic painting', the interpretation of which probably lies in the realm of his unconscious.

During his 25 year career as an Artist, Spahn has worked as a commissioned limner, 3D modeler, architectural draftsman, aerosol muralist, portraitist, graphic designer, creative consultant and advertising director.