
Verifying Integrity

After you install or upgrade a system, we strongly recommend that you verify the integrity of the Sun Linux image. You can perform this task using the commands described in the previous section, but to provide a higher degree of assurance, compare the packages on the system against a trusted source such as the Sun Linux CD-ROM distribution.

It is possible to verify whether the files installed by RPM were modified after the installation by comparing them with the original .rpm file. The following command compares the installed files with the original xinetd package.

# rpm --verify -p xinetd-2.3.7-4.7x.i386.rpm

You can use a simple shell script to validate and report on the integrity of all of the RPM packages installed on a system. This result is achieved by comparing the installed packages with their counterparts from the installation or update media.

The following shell script is an example of how to generate a usable report.

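#!/bin/sh

# Names of all installed packages (name-version-release).
INSTALLED_RPMS="`rpm --query --all | sort -u`"

for pkg in `ls /mnt/cdrom/RedHat/RPMS/*.rpm | sort -u`; do
  # Strip the architecture and .rpm suffix to get name-version-release.
  short_pkg="`basename ${pkg} | sed 's/\.i386\.rpm//g'`"
  # Only check packages from the media that are installed on this system.
  if [ `echo ${INSTALLED_RPMS} | grep -wc ${short_pkg}` != 0 ]; then
    # Compare the installed files against the package file on the media.
    rpm --quiet --verify --package ${pkg}
    if [ $? = 0 ]; then
      result="SUCCESS"
    else
      result="FAILED"
    fi
    printf "Package Check: %-35s  RESULT: %s\n" \
      ${short_pkg} ${result}
  fi
done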

NOTE

This verification method is most effective on newly installed or upgraded systems. For systems or packages that have been patched, this method only works if the package signatures are tested against a patched, trusted copy of the package.

The following example illustrates how to verify packages against the package information stored in a system's local RPM database. This check is similar to the pkgchk(1M) command in the Solaris OE.

# rpm --verify filesystem-2.1.6-2
# rpm --verify apache-1.3.23-11
S.5....T c /etc/rc.d/init.d/httpd

In the example, the integrity of the first package, filesystem-2.1.6-2, was successfully verified. The check failed for the second package, apache-1.3.23-11, because the /etc/rc.d/init.d/httpd file was found to have been modified.

To verify all packages on a system, use the -a option in place of the package name.

# rpm --verify -a
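
The flag string in the rpm --verify output above encodes which attributes differ (S size, M mode, 5 digest, D device, L symlink target, U owner, G group, T modification time), and the letter before the path marks the file type (c for a configuration file). The following shell function is an added example, not part of the original article, that decodes those lines and ranks them; the severity policy and all sample lines except the httpd one are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: rank `rpm --verify` output lines read from stdin.
# The severity policy is an assumption for illustration, not RPM behaviour.
triage_rpm_verify() {
  awk '
    # Skip lines without a flag field and an absolute path.
    NF < 2 || !match($0, /\/.*/) { next }
    {
      flags = $1
      path = substr($0, RSTART)            # path starts at the first "/"
      type = ($2 ~ /^\//) ? "-" : $2       # c=config, d=doc, "-" if unmarked
      why = ""; sev = "LOW"
      if (flags == "missing") {
        why = "missing"
        sev = (type == "c") ? "REVIEW" : "HIGH"
      } else {
        n = split("S:size M:mode 5:digest D:device L:symlink U:owner G:group T:mtime P:caps", m, " ")
        for (i = 1; i <= n; i++)
          if (index(flags, substr(m[i], 1, 1))) why = why substr(m[i], 3) ","
        sub(/,$/, "", why)
        # Content change outside config files, or any mode/owner/group change.
        if (flags ~ /[MUG]/ || (flags ~ /5/ && type != "c")) sev = "HIGH"
        else if (flags ~ /5/) sev = "REVIEW"  # edited configuration file
      }
      printf "%-6s %s (%s)\n", sev, path, why
    }'
}

# Sample input: first line is from the article, the rest are constructed.
sample_verify_output() {
  cat <<'EOF'
S.5....T c /etc/rc.d/init.d/httpd
S.5....T   /usr/bin/example-tool
.M...UG.   /usr/sbin/example-daemon
.......T d /usr/share/doc/example/README
missing    /usr/lib/example/plugin.so
EOF
}

# On a real system: rpm --verify -a | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

The local RPM database is writable by root, so treat this ranking as triage and rely on the comparison against trusted media shown earlier for assurance.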

This capability is not a substitute for functionality such as Tripwire. This information is used only by the RPM framework to ensure that packages are completely installed, upgraded, or removed, and that all package dependencies are properly met.

After you validate the integrity of a system, use products such as Tripwire to establish a baseline database for detecting file integrity violations. The Sun Linux distribution includes the Tripwire Open Source, Linux Edition, product originally developed by Tripwire, Inc. This tool provides data integrity assurance through the collection and management of file signatures and related data. If configured properly, this tool identifies when file system objects are changed. We recommend you consider products such as Tripwire as part of an organization's overall platform security strategy.

NOTE

For more information on the Tripwire Open Source, Linux Edition product, refer to the Web site http://www.tripwire.org/.

Other methods can provide a higher degree of assurance, but those methods are outside the scope of this article. At this time, Sun does not provide a Sun Linux equivalent to the Solaris Fingerprint Database software.
