Re: Certifying a RedHat Install
From: Eric Gunnett (eric_at_zoovy.com)
Date: Thu, 15 Jul 2004 14:15:56 -0700 To: <firstname.lastname@example.org>, <email@example.com>
Out it in writing that you did not install any back doors. Have them hire an independant auditor to verify this. Sounds to me like they just do not trust you, and at that point there is not much you can say to them in order for them to believe you have not installed any backdoors.
>>> abe <firstname.lastname@example.org> 07/14/04 01:42PM >>>
Thanks for everyone's answers so far, but perhaps I need to restate my question...
>>>What can I do to assure my customer that I have installed no back doors for
rpm -Va will check the size, date & permissions of all rpm installed files. I
don't know if it will do an md5 or similar. But such a command would be a quick
integrity test, yes?
md5's of most of the system will allow direct comparisons with a known good RH9
I have to use RH9 as the application they need only works on RH9. Otherwise,
yes I'd've installed a more current version or different flavor...