Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : md5 sums different on 5 different servers

[greggster]

I have 3 boxes as dom0 and 3 domU (RHEL 5 Xen) and for /bin/mount the md5sum is different on each case. stat /bin/mount shows the same information, as well as the file size - anyone seen this before - got me nervous.

Thanks!

[AmyWilliams]

Perhaps you'd get more help in the VPS forum.

[ldcdc]

Seems Technical material to me, so moved to that forum.

[dysk]

I assume that you're saying that the md5sum is different for each mount binary.

Check rpm -Vf /bin/mount on each box and see if the mount binaries match the RPM database. Also check the util-linux packages on each machine and see if they're the same version.

[LoganNZ]

Probably dif versions, different install dates?

[jluis]

You can check if the version of the RPM is identical in all 5 boxes and then you can check the MD5 of the mount file against the RPM database.

The following is an example of the commands involved:

jluis@Asterix:~> rpm -qf /bin/mount
util-linux-2.12r+2.13rc2+git20070725-24.2

jluis@Asterix:~> rpm -q --dump util-linux-2.12r+2.13rc2+git20070725-24.2|grep bin/mount

/bin/mount 74720 1192207682 11498e66ecf039a5262b9564369f87af 0104755 root root 0 0 0 X

jluis@Asterix:~> md5sum /bin/mount
11498e66ecf039a5262b9564369f87af /bin/mount

As you can see, the MD5 from my mount file matches the RPM database for that file. If you see diferent MD5 hashes between the RPM database and the file, then you could have a security issue.

Regards,
Jorge Luis

[applicurearun]

VPS forum please!

[jvmhost]

Not sure where this is or is not continued on VPS forum.
As some updates include prelink rerun, the md5sum may change.
You can verify all your copies with
prelink -y --md5 /bin/mount