Verifying authenticity of ubuntu updates
On Dec 18, rkhunter (root kit detector) emailed me about several executables that were updated on my system:
/bin/login
/bin/su
/usr/
/usr/bin/newgrp
/usr/bin/passwd
/usr/
/usr/
/usr/
/usr/sbin/grpck
/usr/
/usr/sbin/pwck
/usr/
/usr/
/usr/
/usr/sbin/vipw
Usually I can easily associate such changes with me running an update and finding matches to pathnames of updated executables in my logs like this:
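#!/bin/sh
# Show the dpkg log entries for the package that owns the given pathname.
pathname=$1
# Assumption: the original assignment was lost; dpkg -S maps a path to its owning package.
packagename=$(dpkg -S "$pathname" | cut -d: -f1)
grep -hw -- "$packagename" /var/log/dpkg.log* | sort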
This time although these were all in the dpkg logs, I didn't recall running adept-updater around the time of the change (I may have run some general update from the command line, not sure).
My question/request:
1) Is there an official list of recent updates I can retrieve from launchpad on the package file date+time level?
2) Is there a list of md5 (or sha1) signatures on the file level anywhere on launchpad (not on my system) that I can use to verify that my executables are legitimate?
Ideally there would be a web page on launchpad where I would enter something like:
/usr/sbin/vipw
and it would give me back a list (reverse sorted by time most recently updated on top) of lines like this:
file date+time package version md5sum
/usr/sbin/vipw 2008-12-18 08:45:27 GMT passwd 1:4.1.1-1ubuntu1.2 e50b549349b822f
This way I can verify for sure that any of my files which might be suspect is legit.
Thank you!
Question information
- Language: English
- Status: Solved
- For: Ubuntu
- Assignee: No assignee
- Solved by: Bulat
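Added example (not part of the original question, and not Launchpad or Ubuntu code): one way to do the file-level check asked about above, assuming a manifest in md5sum output format, such as the md5sums control file from a copy of the package fetched on a separate, trusted machine. The names verify_manifest and demo and the scratch files are constructed for illustration.

```sh
#!/bin/sh
# Compare installed files against a manifest obtained off-system.
# Manifest line format (md5sum output): "<md5hex>  <path relative to root>"

# verify_manifest MANIFEST [ROOT]
# Prints one "STATUS path" line per entry; returns 0 only if every file matches.
verify_manifest() {
    manifest=$1
    root=${2:-/}
    rc=0
    while read -r want rel; do
        [ -n "$want" ] || continue          # skip blank lines
        rel=${rel#\*}                       # md5sum binary-mode marker
        file="${root%/}/$rel"
        if [ ! -f "$file" ]; then
            echo "MISSING  $file"; rc=1; continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Constructed sample: a scratch root with two files, one of them changed
# after the manifest was written.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/root/usr/sbin"
    printf 'vipw-v1\n' > "$tmp/root/usr/sbin/vipw"
    printf 'pwck-v1\n' > "$tmp/root/usr/sbin/pwck"
    ( cd "$tmp/root" && md5sum usr/sbin/vipw usr/sbin/pwck ) > "$tmp/md5sums"
    printf 'changed\n' > "$tmp/root/usr/sbin/pwck"
    verify_manifest "$tmp/md5sums" "$tmp/root"
    status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "at least one file differs from the manifest"
```

The comparison is only as trustworthy as the manifest and the tools running it, so the manifest should come from outside the machine being checked.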