User's Manual

Solaris 9 Security CX-310-301 38
Detecting Attacks
There are various methods for detecting that an attack has taken place. This section looks at detecting
backdoor and Trojan Horse attacks.
Using Solaris Fingerprint Database
The fingerprint database supplied by Sun Microsystems lets you check that Solaris
Operating Environment files have not been tampered with or modified by an unauthorized intruder. For
single files, you can use the interactive option on Sun’s web site at:
http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl
First though, you need the MD5 binary to create a local MD5 signature that can be checked against the one
held by Sun Microsystems. Get this from:
http://sunsolve.sun.com/md5/md5.tar.Z
For this example, I ran
# md5-sparc /usr/bin/ls
to obtain the MD5 signature for the ls command.
Then, start up the interactive fingerprint script and paste in the result from the previous command.
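A batch form of the check described above, as an added example that is not part of the original manual: known-good MD5 values (for instance, ones already confirmed against the fingerprint database) are saved in a manifest, and every listed file is re-hashed and compared. The MD5_TOOL variable, the manifest format and the function names are assumptions made for this illustration, and the demo data is constructed.

```shell
#!/bin/sh
# MD5_TOOL is an assumption: md5sum by default; on Solaris point it at Sun's
# md5-sparc, ideally a copy kept on read-only media rather than the suspect disk.
MD5_TOOL="${MD5_TOOL:-md5sum}"

# Print only the 32-hex-digit digest, whatever else the tool prints around it.
file_md5() {
    "$MD5_TOOL" "$1" 2>/dev/null | awk '{
        for (i = 1; i <= NF; i++)
            if (length($i) == 32 && $i ~ /^[0-9a-fA-F]+$/) { print tolower($i); exit }
    }'
}

# check_fingerprints MANIFEST: lines are "known-good-md5 path"; blank lines and
# "#" comments are skipped. Returns 1 if any listed file is missing or differs.
check_fingerprints() {
    bad=0
    while read -r want path; do
        case "$want" in ''|'#'*) continue ;; esac
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; bad=1
        elif [ "$(file_md5 "$path")" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; bad=1
        fi
    done < "$1"
    return "$bad"
}

# Demo on constructed data: two small files stand in for system binaries, and
# the second is modified after its known-good digest was recorded.
demo() {
    d=$(mktemp -d) || return 2
    printf 'abc' > "$d/ls"
    printf 'hello\n' > "$d/ps"
    {
        echo "# constructed manifest"
        echo "900150983cd24fb0d6963f7d28e17f72 $d/ls"
        echo "B1946AC92492D2347C6234B05E2008E8 $d/ps"
    } > "$d/manifest"
    before=0; check_fingerprints "$d/manifest" || before=$?
    printf 'trojaned\n' >> "$d/ps"
    after=0; check_fingerprints "$d/manifest" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

A MISMATCH only shows that the file differs from the recorded value; the recorded value itself still has to come from a trusted source such as the vendor database.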
The partial screenshot below shows the relevant section of the screen: