Home > Articles

  • Print
  • + Share This
This chapter is from the book

Verifying the Integrity of Downloaded Software

When downloading binaries from the Internet, you must make sure that the software is indeed what you expect it to be. If the Web site has been compromised, the software could have been replaced by one containing viruses or backdoors. Apache Software Foundation members digitally sign the released software, so you can check that an attacker has not modified it. The signatures are contained in the files with asc extensions. You can find instructions on how to check the validity of the signatures at http://httpd.apache.org/docs-2.0/install.html#download.

If you are installing Apache from an RPM provided by your vendor, there is a similar mechanism to check its integrity and authenticity with the -K option, as shown here:

# rpm -v -K package.rpm
  • + Share This
  • 🔖 Save To Your Account