Date: Mon, 17 Apr 2000 13:30:45 +0200
From: Casper Dik <[email protected]>
To: [email protected]
Subject: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
* Suppose that your system is behaving strangely,
and you are beginning to wonder if something has changed?
* Suppose that your system has been hacked, and that you don't
have an up-to-date checksums database?
* Suppose that you've inherited a system and have no idea how
it may have been modified or messed around with?
...well, here's a tool that can help you.
Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
------------------------------------------------------------
Where is it?
Headline Article
http://sunsolve.Sun.COM/
Database User Interface
http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl
What is it?
The sfpDB is a collection of MD5 digests ("fingerprints") for most
files that have ever been shipped as part of Solaris products, as
well as many unbundled products, too.
The database allows mapping of fingerprints to pathnames, as well as
providing package version/identifier and product name. This is, of
course, a one-to-many mapping, as some files occur in several
products, and the database aims to supply all canonical pathnames
for each file.
What use is it?
There are some occasions when the integrity of a binary is
questionable; by using "sfpDB", an administrator can quickly
determine whether the file in question is one that Sun has actually
shipped as part of a product.
The motivation for this database was to help customers undertake
post-mortem checks after a hacking incident; although it is better
to do a complete reinstall, the ability to do a quick check on
selected binaries can help you identify whether strange symptoms
that you experience on your system may be the result of tampering.
That said, this tool will have many more uses beyond post-mortems,
including software package identification, and pathname reconstruction
for unlinked files.
Are there more services planned?
We (the sfpDB team) are investigating releasing not only the sfpDB
service on the web, but also the complete database source, and are also
looking at integrating the service with other tools.
What software is indexed in the database?
Although the database is *not* definitive, the intention is to make
this collection as comprehensive as possible, covering operating-system
releases, unbundled products, and patches.
We've included Solaris releases from 2.0 onwards, the only Solaris
release missing is 2.5.1/PPC.
Alpha/Beta products will not be considered for inclusion.
Symbolic-link information is not indexed.
Because of the nature of the automatic checksums gathering process,
we can only include checksums from files in Solaris package format.
i.e. no SunOS 4.x products or self-extracting, self-installing
products such as some cross-platform Java based products.
Where can I send feedback/ask questions/seek marketing information?
Mail to: [email protected]
Who are the sfpDB team?
Casper Dik, Alec Muffett & Vasanthan Dasan
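The lookup the announcement describes, as an added example that is not part of the original message and not Sun's sfpDB code: compute the MD5 fingerprint of a file, look it up in a digest-to-pathname table that can hold several canonical pathnames per digest (the one-to-many mapping mentioned above), and report whether the file is shipped content under its expected pathname, shipped content sitting somewhere Sun never installed it, or unknown. The fingerprint table is built from constructed stand-in file contents, the package and product names are illustrative, and the batch input format, "MD5 (path) = digest" lines as printed by a BSD-style md5(1), is an assumption rather than the exact format the SunSolve form accepted.

```python
#!/usr/bin/env python3
"""Offline fingerprint check in the spirit of sfpDB.

Added example, not Sun's code. The table below is constructed sample data,
not real sfpDB entries; the report format is assumed, not SunSolve's.
"""
import hashlib
import re
from collections import defaultdict

# Constructed stand-ins for shipped file contents (real sfpDB entries were
# digests of actual Sun binaries). Package and product names are illustrative.
SHIPPED = [
    (b"#!/bin/sh\n# ls stand-in\n", "/usr/bin/ls", "SUNWcsu", "Solaris 8"),
    # identical bytes under a second canonical pathname: the one-to-many case
    (b"#!/bin/sh\n# ls stand-in\n", "/usr/ucb/ls", "SUNWscpu", "Solaris 8"),
    (b"#!/bin/sh\n# ps stand-in\n", "/usr/bin/ps", "SUNWcsu", "Solaris 8"),
    (b"#!/bin/sh\n# login stand-in\n", "/usr/bin/login", "SUNWcsu", "Solaris 8"),
]

# Assumed md5(1)-style report line: MD5 (/usr/bin/ls) = <32 hex chars>
MD5_LINE = re.compile(r"^MD5 \((?P<path>.+)\) = (?P<digest>[0-9a-f]{32})$")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_table(entries):
    """digest -> [(canonical pathname, package, product), ...]"""
    table = defaultdict(list)
    for content, path, package, product in entries:
        table[md5_hex(content)].append((path, package, product))
    return dict(table)


def classify(digest, claimed_path, table):
    """Return (verdict, matches) for one fingerprint.

    match:     digest is in the table under the claimed pathname
    relocated: digest is shipped content, but never shipped at this pathname
    unknown:   digest not in the table; modified, or simply never indexed,
               since the database is not definitive
    """
    matches = table.get(digest, [])
    if not matches:
        return "unknown", []
    if any(path == claimed_path for path, _, _ in matches):
        return "match", matches
    return "relocated", matches


def check_file(fs_path, table, canonical_path=None):
    """Fingerprint a file on disk; canonical_path overrides the on-disk name
    (useful when checking a recovered or unlinked copy of a binary)."""
    with open(fs_path, "rb") as fh:
        digest = md5_hex(fh.read())
    verdict, matches = classify(digest, canonical_path or fs_path, table)
    return verdict, digest, matches


def check_report(text, table):
    """Classify every 'MD5 (path) = digest' line of a report; other lines are ignored."""
    results = []
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if not m:
            continue
        verdict, matches = classify(m["digest"], m["path"], table)
        results.append((m["path"], verdict, matches))
    return results


def suspicious(results):
    """Everything an administrator should look at by hand."""
    return [r for r in results if r[1] != "match"]


if __name__ == "__main__":
    table = build_table(SHIPPED)
    # Constructed report: one clean file, one trojaned login, one shipped
    # binary copied into a hidden directory.
    report = "\n".join([
        "MD5 (/usr/bin/ps) = " + md5_hex(b"#!/bin/sh\n# ps stand-in\n"),
        "MD5 (/usr/bin/login) = " + md5_hex(b"#!/bin/sh\n# login stand-in\n# backdoor\n"),
        "MD5 (/tmp/.X11-unix/ls) = " + md5_hex(b"#!/bin/sh\n# ls stand-in\n"),
    ])
    for path, verdict, matches in check_report(report, table):
        print(f"{verdict:9s} {path}  {[m[0] for m in matches]}")
```

Two cautions that apply to the real service as much as to this script: run the digest tool from trusted, read-only media, because an intruder who replaced /usr/bin/ls may have replaced the hashing binary too; and treat "unknown" as a prompt to investigate, not as proof of tampering, since the announcement states the database is not definitive. MD5 collisions have since become practical, but forging a file that matches a digest Sun already computed is a second-preimage problem, which MD5 still resists in practice.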