Re: Certifying a RedHat Install

• Previous message: Per Christian B. Viken: "Visited by a cracker"
• In reply to: abe: "Re: Certifying a RedHat Install"
• Next in thread: Michael LaSalvia: "RE: Certifying a RedHat Install"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 15 Jul 2004 15:11:22 -0700 (PDT)
To: focus-linux@securityfocus.com

abe said:
> Thanks for everyone's answers so far, but perhaps I need to restate my
> question...
>
> >>>What can I do to assure my customer that I have installed no back
> doors for myself.<<<

Well, if you start doing things like that to your customers you won't have
many left will you? You could ask them to have someone knowledgeable
stand over your shoulder, or ask them to hire someone they trust.

Maybe you need to charge more so they can trust you more. $100/h USD
should do it. ;)

> rpm -Va will check the size, date & permissions of all rpm installed
> files. I don't know if it will do an md5 or similar. But such a command
> would be a quick integrity test, yes?

No. If you are so malicious that you would leave a backdoor for yourself,
what is to stop you from installing a script of any type to make it look
like you didn't?

> md5's of most of the system will allow direct comparisons with a known
> good RH9 install.

And what about the files you don't want them to know about, such as your
so-called backdoor?

> I have to use RH9 as the application they need only works on RH9.
> Otherwise, yes I'd've installed a more current version or different
> flavor...

BS. RedHat Enterprize Linux ES 3 runs pretty much exactly as RH9 and is
the current RedHat supported release with it's somewhat working up2date
product, it's easy to keep current. I would venture a bet that anything
that runs on RH9 will be able to run on just about any Linux distro, with
a bit of work, but will most likely run on the latest RH release.

Good luck.

--
Scott

• Previous message: Per Christian B. Viken: "Visited by a cracker"
• In reply to: abe: "Re: Certifying a RedHat Install"
• Next in thread: Michael LaSalvia: "RE: Certifying a RedHat Install"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND ... Installing a backdoor for ... >>future and continued access to your computer system is simple once a ... >>Backdoor, Trojan Horse, Virus, or Worm until your blue in the face, you ... you got the thing about hidden folders right ... ... (comp.security.firewalls) Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND ... Installing a backdoor for ... >>future and continued access to your computer system is simple once a ... >>Backdoor, Trojan Horse, Virus, or Worm until your blue in the face, you ... you got the thing about hidden folders right ... ... (alt.computer.security) Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND ... Installing a backdoor for ... >>future and continued access to your computer system is simple once a ... >>Backdoor, Trojan Horse, Virus, or Worm until your blue in the face, you ... you got the thing about hidden folders right ... ... (microsoft.public.security) Re: THE BEST KEPT SECRETS OF THE COMPUTER UNDERGROUND ... Installing a backdoor for ... >>future and continued access to your computer system is simple once a ... >>Backdoor, Trojan Horse, Virus, or Worm until your blue in the face, you ... you got the thing about hidden folders right ... ... (comp.security.misc) redcarpet ?misuse? made me format for the 5th time. Why starts xterm? ... After my 4th RH9 reinstall, ... X was gone and I only could see a green screen with XTERM in ... blah, blah, and again the Xterm windows. ... stayed in the firm installing the 1st RH9 CD, ... (linux.redhat.install)