Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: need good md5 hash for sudo

  1. #1
    Join Date
    Dec 2007
    Beans
    370

    need good md5 hash for sudo

    Before I tell rkhunter to ignore the fact that the "properties have changed" warning in regards to sudo (by issuing the --popupd parameter), I would like to be sure. Could someone either provide me with a md5 checksum for sudo (1.8.3p1-1ubuntu3.6) from Ubuntu 12.04 LTS Server or explain to me how to find a clean value with which to compare my own? Thank you.

    BTW - mine is: de6380daaa142c01df328fb8dd6e43bb /usr/bin/sudo

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: need good md5 hash for sudo

    Same version I have installed.

    Code:
    ii  sudo                                   1.8.3p1-1ubuntu3.6                      Provide limited super user privileges to specific users
    Code:
    56c83980cd46ac029a2f01a1f2eda0a7  /usr/bin/sudo
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Dec 2007
    Beans
    370

    Re: need good md5 hash for sudo

    hmmm.... that's not good then, huh? Since the checksums don't match....

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: need good md5 hash for sudo

    Quote Originally Posted by rebeltaz View Post
    hmmm.... that's not good then, huh? Since the checksums don't match....
    Uh, yep.

    I just checked another 12.04 box and it has the same md5sum as my other post. Did you get any other hash mismatch errors ?
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #5
    Join Date
    Dec 2007
    Beans
    370

    Re: need good md5 hash for sudo

    I got a few

    Code:
    ...exists on the system, but it is not present in the rkhunter.dat file.
    and
    Code:
    ...it is whitelisted for the 'script replacement' check.
    warnings.

    The only other thing out of place is this:
    Code:
    [23:05:15] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
    I do not understand. I did a fresh install from a newly downloaded ISO directly from Ubuntu. I enabled ufw and only allowed ports 80 and 443 from the out side world. I did allow ports 22, 21 and 8888 (for ispConfig) from two of my local computers only. I made sure that ssh did not allow root login. I changed my login passwords to totally different strings with alphanumeric characters as well as symbols. Last night I disallowed ssh login with password altogether and created RSA pairs. While apache has been running for a few days, the sites themselves were only last night put back online....

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: need good md5 hash for sudo

    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  7. #7
    Join Date
    Dec 2007
    Beans
    370

    Re: need good md5 hash for sudo

    Before I posted here, I did find a lot of discussion similar to that page, and it looks from there as if the warnings aren't too worrysome, and I can understand that based on how rkhunter is determining suspicious files, but I am a little concerned about the sudo hash difference.

  8. #8
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: need good md5 hash for sudo

    Check the hash of the deb files:
    https://launchpad.net/ubuntu/+source...3p1-1ubuntu3.6

    /var/cache/apt/archives if I remember right.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  9. #9
    Join Date
    Dec 2007
    Beans
    370

    Re: need good md5 hash for sudo

    hmmm... the only files/checksums I see on that site are two .gz files and a .dsc file (whatever that is), while the sudo* file in .../apt/archives is a .deb file.

    BUT....

    Just for the heck of it, I ran md5 on the sudo file on my laptop 12.04 (desktop version instead of server), which dpkg shows as version 1.8.3p1-1ubuntu3.4 (instead of 3.6) and it shows the exact same hash as the 3.6 version on my server.

    When I ssh'd into the server, I did notice that apt is not upgrading the packages:
    linux-headers-generic-lts-saucy linux-image-generic-lts-saucy

    Is it possible that even though dpkg lists sudo as v3.6 (on the server), until I do a local apt-get upgrade that file won't be updated properly and is still showing the hash of the older version?

    Tomorrow when I have local access to the server, I'll apt upgrade and run md5 again.

  10. #10
    Join Date
    Sep 2006
    Beans
    7,290
    Distro
    Lubuntu Development Release

    debsums

    You can also use the package debsums to check the MD5 checksums for installed packages.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •