[kwlug-disc] server compromised

Adam Glauser adamglauser at gmail.com
Thu May 14 09:24:05 EDT 2009

john at netdirect.ca wrote:
> If your package manager supports file verification use it. RPM based systems can 
> use "rpm -Va". Save the output and manually inspect all the changed files.

Have you ever heard of a rootkit which installs a modified rpm that 
would return a false positive verification of packages it had changed? 
I think that some viruses on Windows will hamstring antivirus software 
if they can get around it in the first place, making detection much more 
difficult.  It seems like a logical move to try something similar with 
package verification.

More information about the kwlug-disc mailing list