Debian Integrity Checking
I had the need to check a Debian install for corruption recently when a newly installed and configured server started crashing under heavy IO activity. These days, when Debian stable is kicking out kernel oopses, it’s most likely bad hardware, and if random weird stuff is happening, look at the memory first. And surely enough, they found bad memory in the server. Since bad memory can hose a lot of things, I wanted to check the installed packages to make sure that there wasn’t any latent corruption.
I’d done this before on RedHat systems with an rpm command (rpm -Va verifies all installed packages against the manifest md5 sums), but dpkg doesn’t have an equivalent command.
But there is a package, debsums, that does exactly what I needed.
sudo apt-get install debsums
sudo debsums -l
This should list all the packages that have no hashes on file.
debsums --generate=nocheck -sp /var/cache/apt/archives
Generates sums from the installed packages that are still in the cache.
Run
sudo debsums -l
again. This shouldn’t list any packages this time. If there are still some, you may need to redownload them with the command:
sudo apt-get --reinstall -d install `debsums -l`
Then run:
sudo debsums -ca
This should list every installed file, configuration files included, whose checksum no longer matches the one recorded for its package.
** Warning, as the man page notes, this is more a check for corruption and not a substitute for a malicious activity checker like tripwire.
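To show what the check amounts to, here is an added example (not from the original post and not debsums' own code) that verifies a file tree against a manifest in the layout dpkg keeps under /var/lib/dpkg/info/<package>.md5sums, i.e. "<md5>  <path relative to root>". The function names and the sample tree are constructed for illustration; the demo damages its own temporary files to simulate corruption.

```shell
#!/bin/sh
# Added example: check files against a manifest in dpkg's .md5sums layout
# ("<md5>  <path relative to root>"), the per-package data debsums reads.

# verify_manifest ROOT MANIFEST   (hypothetical helper name)
# Prints "CHANGED <path>" or "MISSING <path>" per bad entry; returns 1 if any.
verify_manifest() {
    vm_root=$1; vm_manifest=$2; vm_status=0
    while read -r vm_want vm_path; do
        [ -n "$vm_path" ] || continue            # skip blank or short lines
        if [ ! -f "$vm_root/$vm_path" ]; then
            echo "MISSING $vm_path"; vm_status=1; continue
        fi
        vm_got=$(md5sum < "$vm_root/$vm_path" | cut -d' ' -f1)
        if [ "$vm_got" != "$vm_want" ]; then
            echo "CHANGED $vm_path"; vm_status=1
        fi
    done < "$vm_manifest"
    return "$vm_status"
}

# demo: build a constructed file tree, record its sums, then damage it the
# way bad memory or a bad disk might, and report what verify_manifest finds.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/root/usr/bin" "$d/root/etc"
    printf 'binary-one\n' > "$d/root/usr/bin/tool"
    printf 'binary-two\n' > "$d/root/usr/bin/other"
    printf 'setting=1\n'  > "$d/root/etc/tool.conf"
    ( cd "$d/root" && md5sum usr/bin/tool usr/bin/other etc/tool.conf ) \
        > "$d/pkg.md5sums"
    printf 'binary-0ne\n' > "$d/root/usr/bin/tool"    # simulated bit rot
    rm "$d/root/etc/tool.conf"                        # simulated lost file
    verify_manifest "$d/root" "$d/pkg.md5sums"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "manifest check failed for the files listed above"
```

The manifest here sits next to the files it describes, so anyone who can rewrite a file can rewrite its recorded sum as well, which is why this kind of check catches corruption but not tampering.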