IPS Package Verification

Here is how we can verify that a package has not been compromised:

root@solaris:~# pkg verify iperf

Let's check the permission bits of iperf:

root@solaris:~# ls -l /bin/iperf

Let's say someone changed the permission bits like this:

root@solaris:~# chmod 777 /bin/iperf

Let's verify again, and it will return an error:

root@solaris:~# pkg verify iperf

Now let's fix this package:

root@solaris:~# pkg fix iperf

The next few lines show an interesting way of getting a package name from an arbitrary file. Let's take the vi editor as a test. We first get a SHA1 digest of /usr/bin/vi:

root@solaris:~# digest -a sha1 /usr/bin/vi

Since the digest is saved in the package DB, we can search for that hash and see what matches it:

root@solaris:~# pkg search -l f2495fa19fcc4b8a403e0bd4fef809d031296c68

How can we use it? Imagine someone has renamed an important file to hide their tracks. Using this method, we can find out the original name of the file.
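
The same lookup can be run over a whole directory to flag packaged binaries that sit under a different name. This is an added example, not part of the original walkthrough; the function names are hypothetical, and it assumes the default `pkg search -l` output columns (INDEX ACTION VALUE PACKAGE).

```shell
# Added example (not from the original page): report files under a directory
# whose content matches a packaged file recorded under a different path.
# Assumption: `pkg search -l <hash>` prints the columns INDEX ACTION VALUE
# PACKAGE, with VALUE holding the packaged path without its leading slash.

# lookup_hash SHA1: print "path package" for each file action with that hash.
lookup_hash() {
    pkg search -l "$1" 2>/dev/null | awk '$2 == "file" { print $3, $4 }'
}

# find_renamed DIR (absolute path): one line per suspicious file, formatted as
#   RENAMED <current path> <packaged path> <package>
find_renamed() {
    find "$1" -type f | while IFS= read -r f; do
        sum=$(digest -a sha1 "$f") || continue     # unreadable file: skip
        matches=$(lookup_hash "$sum")
        [ -n "$matches" ] || continue              # content unknown to the package DB
        # A file sitting at one of its recorded paths is where it belongs.
        if printf '%s\n' "$matches" |
            awk -v p="${f#/}" '$1 == p { ok = 1 } END { exit !ok }'; then
            continue
        fi
        printf '%s\n' "$matches" | while read -r path pkgname; do
            printf 'RENAMED %s /%s %s\n' "$f" "$path" "$pkgname"
        done
    done
}

# Run as a script: sh find_renamed.sh /export/home
if [ "$#" -gt 0 ]; then find_renamed "$1"; fi
```

Pass an absolute directory, since the package DB records paths relative to /. A hit means the content is identical to a packaged file, so a plain copy of a system binary is reported as well as a renamed one.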