Verifying Integrity
After you install or upgrade a system, we strongly recommend that you verify the integrity of the Sun Linux image. You can perform this task using the commands described in the previous section, but to provide a higher degree of assurance, compare the packages on the system against a trusted source such as the Sun Linux CD-ROM distribution.
It is possible to verify whether the files installed by RPM were modified after the installation by comparing them with the original .rpm file. The following command compares the installed files with the original xinetd package.
# rpm --verify -p xinetd-2.3.7-4.7x.i386.rpm
You can use a simple shell script to validate and report on the integrity of all of the RPM packages installed on a system. This result is achieved by comparing the installed packages with their counterparts from the installation or update media.
The following shell script is an example of how to generate a usable report.
#!/bin/sh
# Compare every package that is both installed on this system and present
# on the installation media against the original .rpm file on the media.
MEDIA=/mnt/cdrom/RedHat/RPMS
INSTALLED_RPMS=$(rpm --query --all | sort -u)

for pkg in "${MEDIA}"/*.rpm; do
    # xinetd-2.3.7-4.7x.i386.rpm -> xinetd-2.3.7-4.7x, the form rpm -qa prints
    short_pkg=$(basename "${pkg}" | sed 's/\.[^.]*\.rpm$//')
    # Only check packages that are actually installed (exact name match)
    if printf '%s\n' "${INSTALLED_RPMS}" | grep -qxF "${short_pkg}"; then
        # rpm exits non-zero when any installed file differs from the package
        if rpm --quiet --verify --package "${pkg}"; then
            result="SUCCESS"
        else
            result="FAILED"
        fi
        printf "Package Check: %-35s RESULT: %s\n" "${short_pkg}" "${result}"
    fi
done
NOTE
This verification method is most effective on newly installed or upgraded systems. For systems or packages that have been patched, the installed files no longer correspond to the packages on the original media; the check is only meaningful if the installed files are compared against a trusted copy of the same patched package, not against the CD-ROM original.
The following example illustrates how to verify packages against the package information stored in a system's local RPM database. This check is similar to the pkgchk(1M) command in the Solaris OE.
# rpm --verify filesystem-2.1.6-2
# rpm --verify apache-1.3.23-11
S.5....T c /etc/rc.d/init.d/httpd
In the example, the integrity of the first package, filesystem-2.1.6-2, was successfully verified, so rpm printed nothing. The check failed for the second package, apache-1.3.23-11, when /etc/rc.d/init.d/httpd was found to have been modified. The flags S, 5, and T indicate that the file's size, MD5 digest, and modification time differ from the values recorded in the RPM database; the c marks the file as a configuration file, so the change may be a legitimate local edit rather than tampering and should be reviewed rather than assumed to be either.
To verify all packages on a system, use the -a option in place of the package name.
# rpm --verify -a
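The output of rpm --verify is compact and easy to misread when hundreds of lines come back from a full-system check. The following script is an added example, not code from the original article: it classifies each verify line so that a scheduled run can separate modified configuration files (to be reviewed) from real integrity failures (a replaced binary or a missing file). The sample output it runs on is constructed for illustration, and the classification policy (config-file changes are flagged for review, timestamp-only changes are low priority) is an assumption a site may want to change.

```shell
#!/bin/sh
# Added example (not from the original article): interpret rpm --verify
# output so that a nightly check can separate expected changes (edited
# configuration files) from real integrity failures.
#
# Each rpm --verify line has the form
#   <8 flags> <attr> <path>      e.g.  S.5....T c /etc/rc.d/init.d/httpd
# or, for a file that has been deleted,
#   missing   <path>
# Flag positions: S size, M mode, 5 MD5 digest, D device, L symlink,
# U user, G group, T mtime; "." means the attribute is unchanged. The
# attribute column is "c" for %config files, "d" for %doc files, or blank.
# Paths containing whitespace are not handled (an assumed limitation).

# Classify one verify line. Prints one of:
#   MISSING         a file recorded in the RPM database is gone
#   CONFIG-CHANGED  a %config file differs (review, often legitimate)
#   FAILED          a non-config file's content, mode or ownership differs
#   MTIME-ONLY      only the timestamp differs (low priority)
#   OK              nothing differs
classify_verify_line() {
  set -- $1                     # split on whitespace: flags [attr] path
  flags=$1
  if [ "$flags" = "missing" ]; then
    echo MISSING
    return
  fi
  attr=""
  if [ $# -eq 3 ]; then
    attr=$2
  fi
  case $attr in
    c) echo CONFIG-CHANGED ;;
    *)
      case $flags in
        *S*|*M*|*5*|*D*|*L*|*U*|*G*) echo FAILED ;;
        *T*)                         echo MTIME-ONLY ;;
        *)                           echo OK ;;
      esac ;;
  esac
}

# Count FAILED and MISSING entries in a block of verify output and print
# the count, so the result can drive a cron job's exit status or an alert.
count_integrity_failures() {
  failures=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    case $(classify_verify_line "$line") in
      FAILED|MISSING) failures=$((failures + 1)) ;;
    esac
  done <<EOF
$1
EOF
  echo "$failures"
}

# Constructed sample of rpm -Va output (not captured from a real host):
# an edited init script, a documentation file that was merely touched,
# a replaced daemon binary, and a deleted file.
SAMPLE_VERIFY_OUTPUT='S.5....T c /etc/rc.d/init.d/httpd
.......T d /usr/share/doc/xinetd-2.3.7/README
S.5....T   /usr/sbin/xinetd
missing    /usr/bin/somefile'

# Print one report line per entry, then the failure count.
printf '%s\n' "$SAMPLE_VERIFY_OUTPUT" | while IFS= read -r line; do
  printf '%-15s %s\n' "$(classify_verify_line "$line")" "$line"
done
echo "integrity failures: $(count_integrity_failures "$SAMPLE_VERIFY_OUTPUT")"
```

On a live system the sample variable would be replaced with the output of rpm --verify -a (for example, `rpm -Va 2>/dev/null`). The script only interprets what rpm reports; like rpm itself, it trusts the local RPM database and the rpm binary, which is the limitation discussed below.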
This capability is not a substitute for a dedicated file integrity tool such as Tripwire. The file sizes, MD5 digests, permissions, and ownership recorded in the RPM database are kept so that the RPM framework can ensure that packages are completely installed, upgraded, or removed, and that all package dependencies are properly met. That database lives on the same system and is writable by root, so an intruder who has gained root privileges can alter it, or replace the rpm binary itself, to hide modified files.
After you validate the integrity of a system, use products such as Tripwire to establish a baseline database for detecting file integrity violations. The Sun Linux distribution includes the Tripwire Open Source, Linux Edition, product originally developed by Tripwire, Inc. This tool provides data integrity assurance through the collection and management of file signatures and related data. If configured properly, this tool identifies when file system objects are changed. We recommend you consider products such as Tripwire as part of an organization's overall platform security strategy.
NOTE
For more information on the Tripwire Open Source, Linux Edition product, refer to the Web site http://www.tripwire.org/.
Other methods can provide a higher degree of assurance, but those methods are outside the scope of this article. At this time, Sun does not provide a Sun Linux equivalent to the Solaris Fingerprint Database software.