Bugtraq mailing list archives

Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve


From: Casper.Dik () HOLLAND SUN COM (Casper Dik)
Date: Mon, 17 Apr 2000 13:30:45 +0200


* Suppose that your system is behaving strangely,
  and you are beginning to wonder if something has changed?

* Suppose that your system has been hacked, and that you don't
  have an up-to-date checksums database?

* Suppose that you've inherited a system and have no idea how
  it may have been modified or messed around with?

...well, here's a tool that can help you.

     Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
     ------------------------------------------------------------

Where is it?

        Headline Article
        http://sunsolve.Sun.COM/

        Database User Interface
        http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl

What is it?

  The sfpDB is a collection of MD5 digests ("fingerprints") for most
  files that have ever been shipped as part of Solaris products, as
  well as many unbundled products, too.

  The database allows mapping of fingerprints to pathnames, as well as
  providing package version/identifier and product name.  This is, of
  course, a one-to-many mapping, as some files occur in several
  products, and the database aims to supply all canonical pathnames
  for each file.

What use is it?

  There are some occasions when the integrity of a binary is
  questionable; by using "sfpDB", an administrator can quickly
  determine whether the file in question is one that Sun has actually
  shipped as part of a product.

  The motivation for this database was to help customers undertake
  post-mortem checks after a hacking incident; although it is better
  to do a complete reinstall, the ability to do a quick check on
  selected binaries can help you identify whether strange symptoms
  that you experience on your system may be the result of tampering.

  That said, this tool will have many more uses beyond post-mortems,
  including software package identification, and pathname reconstruction
  for unlinked files.
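The sfpDB itself is reached through the web form above, so it cannot be
queried offline. As an added example (not part of this announcement and not
Sun's own code), the following script reproduces the workflow the posting
describes against a small constructed table: build a one-to-many index from
MD5 digest to (canonical pathname, package, product), parse the digest lines
an administrator would paste (the "md5 (path) = hex" layout and the
"hex  path" layout of GNU md5sum are assumed), and classify each observed
file as known, unknown, or known-but-relocated (a shipped binary found under
a pathname the database does not list for it). The file contents, package
names and product names in SAMPLE_FILES are made up for the demonstration.

```python
import hashlib
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    path: str     # canonical pathname of the shipped file
    package: str  # package identifier/version
    product: str  # product name


# Constructed sample of "shipped" files. Contents and package/product names
# are made up; they are not real Solaris binaries or real sfpDB records.
SAMPLE_FILES: List[Tuple[Entry, bytes]] = [
    (Entry("/usr/bin/ls", "SAMPLEcsu 1.0", "Sample OS 1.0"),
     b"#!/bin/sh\necho sample-ls\n"),
    # Same bytes shipped under a second pathname: one digest, two records.
    (Entry("/usr/xpg4/bin/ls", "SAMPLExcu 1.0", "Sample OS 1.0"),
     b"#!/bin/sh\necho sample-ls\n"),
    (Entry("/usr/bin/login", "SAMPLEcsu 1.0", "Sample OS 1.0"),
     b"#!/bin/sh\necho sample-login\n"),
]

# Two digest-line layouts an administrator is likely to paste (assumed):
#   BSD/Solaris style:  md5 (/usr/bin/ls) = <32 hex chars>
#   GNU md5sum style:   <32 hex chars>  /usr/bin/ls
_BSD_STYLE = re.compile(
    r"^\s*md5\s*\((?P<path>.+)\)\s*=\s*(?P<hex>[0-9a-fA-F]{32})\s*$", re.I)
_GNU_STYLE = re.compile(
    r"^\s*(?P<hex>[0-9a-fA-F]{32})\s+\*?(?P<path>\S.*?)\s*$")


def md5_hex(data: bytes) -> str:
    """Fingerprint of an in-memory byte string."""
    return hashlib.md5(data).hexdigest()


def md5_file(path: str, chunk: int = 1 << 16) -> str:
    """Fingerprint of a file on disk, read in chunks so large binaries fit."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_index(files: List[Tuple[Entry, bytes]]) -> Dict[str, List[Entry]]:
    """digest -> every (pathname, package, product) record with those bytes."""
    index: Dict[str, List[Entry]] = defaultdict(list)
    for entry, content in files:
        index[md5_hex(content)].append(entry)
    return dict(index)


def parse_digest_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (lower-case hex digest, observed path) or None if unparseable."""
    for pattern in (_BSD_STYLE, _GNU_STYLE):
        m = pattern.match(line)
        if m:
            return m.group("hex").lower(), m.group("path")
    return None


def lookup(index: Dict[str, List[Entry]], digest: str) -> List[Entry]:
    """All shipped records for a digest; empty list means Sun never shipped it."""
    return list(index.get(digest.lower(), []))


def check(index: Dict[str, List[Entry]], lines: List[str]) -> List[dict]:
    """Classify each pasted digest line against the index."""
    report = []
    for line in lines:
        parsed = parse_digest_line(line)
        if parsed is None:
            continue  # blank line or unrecognised layout: skip, do not guess
        digest, observed_path = parsed
        matches = lookup(index, digest)
        if not matches:
            status = "unknown"            # no shipped file has these bytes
        elif observed_path in {e.path for e in matches}:
            status = "known"              # digest and pathname both agree
        else:
            status = "known-but-relocated"  # shipped bytes, unlisted pathname
        report.append({"path": observed_path, "md5": digest,
                       "status": status, "matches": matches})
    return report


if __name__ == "__main__":
    idx = build_index(SAMPLE_FILES)
    # Constructed digest output, as an administrator might paste it.
    pasted = [
        "md5 (/usr/bin/ls) = " + md5_hex(b"#!/bin/sh\necho sample-ls\n"),
        md5_hex(b"#!/bin/sh\necho sample-login\n") + "  /tmp/.x/login",
        "md5 (/usr/bin/ps) = " + "0" * 32,
    ]
    for row in check(idx, pasted):
        print(row["status"], row["path"], [e.path for e in row["matches"]])
```

The "known-but-relocated" status is the case the announcement's pathname
reconstruction hints at: the bytes are genuine, but the file is not where the
product installed it. Note that MD5 is no longer collision-resistant, so a
match says "these are bytes Sun shipped" only against an adversary who cannot
craft colliding binaries; a mismatch remains a reliable signal that the file
is not the shipped one.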

Are there more services planned?

  We (the sfpDB team) are investigating releasing not only the sfpDB
  service on the web, but also the complete database source, and are also
  looking at integrating the service with other tools.

What software is indexed in the database?

  Although the database is *not* definitive, the intention is to make
  this collection as comprehensive as possible, covering operating-system
  releases, unbundled products, and patches.

  We've included Solaris releases from 2.0 onwards; the only Solaris
  release missing is 2.5.1/PPC.

  Alpha/Beta products will not be considered for inclusion.

  Symbolic-link information is not indexed.

  Because of the nature of the automatic checksums gathering process,
  we can only include checksums from files in Solaris package format,
  i.e. no SunOS 4.x products or self-extracting, self-installing
  products such as some cross-platform Java based products.

Where can I send feedback/ask questions/seek marketing information?

  Mail to: fingerprints () sun com

Who are the sfpDB team?

  Casper Dik, Alec Muffett & Vasanthan Dasan

