OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] netstat-output
From: Roman Drahtmueller (drahtsuse.de)
Date: Wed Dec 06 2000 - 19:13:20 CST

> > This of course is trivial for an attacker to circumvent, the RPM database is
> > not really protected at all.
>
> That's why it may be an excellent idea to back up the rpm data base
> on floppy...

*grin*

/var/lib/rpm:
total 60752
drwxr-xr-x 2 root root 4096 Nov 22 23:50 .
drwxr-xr-x 35 root root 4096 Dec 7 00:04 ..
-rw-r--r-- 1 root root 16384 Dec 7 02:00 conflictsindex.rpm
-rw-r--r-- 1 root root 12976128 Dec 7 02:00 fileindex.rpm
-rw-r--r-- 1 root root 32768 Dec 7 02:00 groupindex.rpm
-rw-r--r-- 1 root root 49152 Dec 7 02:00 nameindex.rpm
-rw-r--r-- 1 root root 29051784 Dec 7 02:00 packages.rpm
-rw-r--r-- 1 root root 86016 Dec 7 02:00 providesindex.rpm
-rw-r--r-- 1 root root 19890176 Dec 7 02:00 requiredby.rpm
-rw-r--r-- 1 root root 16384 Dec 7 02:00 triggerindex.rpm

rpm -qa|wc -l
   1205

Hint: `rpm --rebuilddb´ reduces the size drastically, sometimes...

> ... together with the rpm binary (which is statically linked as well
> for other reasons).
>
> While you're at it, storing md5 sums of at least all the files shown by
> rpm -qal and all files in /etc is a very good idea too.
>
> Volker
>

Thanks,
Roman. 

-- 
 -                                                                      -
| Roman Drahtmüller      <drahtsuse.de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com