Firewall Wizards mailing list archives
Re: File Integrity Check
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 13 Aug 1999 11:32:51 -0400
In message <37B41E16.90C97437 () arris-i com>, Russell Enderby writes:
In pursuit of determining critical system files for modifications I was thinking the checksum prog 'sum' would be sufficient. Understanding that time,date, and file size can be modified under the ext2fs/ufs directory table. Is it possible to also make the 'sum' checksum appear to be correct?
'sum' is not sufficient; spoofing it is trivial.
I was under the impression tripwire uses its own special checksum prog to verify files, although would 'sum' be sufficient as well? If not does anyone know of better more thorough checksum app?
Tripwire uses a cryptographic checksum such as MD5 or SHA-1. For this purpose, that's what you need.
Current thread:
- File Integrity Check Russell Enderby (Aug 13)
- Re: File Integrity Check Marcus J. Ranum (Aug 13)
- Re: File Integrity Check Darren Reed (Aug 14)
- <Possible follow-ups>
- Re: File Integrity Check Steven M. Bellovin (Aug 13)
- Re: File Integrity Check Antonomasia (Aug 13)
- Re: File Integrity Check Bill_Royds (Aug 14)
- RE: File Integrity Check Choi, Byoung (Aug 15)
- Re: File Integrity Check Scot Anderson (Aug 15)
- Re: File Integrity Check Geva Patz (Aug 16)
- Re: File Integrity Check Adam Shostack (Aug 17)
- Re: File Integrity Check Dave Gillett (Aug 18)
- Re: File Integrity Check Bennett Todd (Aug 17)
- Re: File Integrity Check Scot Anderson (Aug 15)
- Re: File Integrity Check Bill_Royds (Aug 18)
- Re: File Integrity Check Brian Denehy (Aug 20)