[tclug-list] Debian problem: apt-get not working

Wed Mar 30 08:18:36 CST 2005

Do a ``dpkg -l PACKAGE`` to see what the version is that's installed.
Also make certain that you have disk space with ``df``.  If /var is
starting to look full, do an ``apt-get clean`` to remove packages from
the apt cache.  You can also increase the verbosity of installs through
environment variables for dpkg (see the manpage).  Lastly, you can
manually download the packages from http://security.debian.org.

Lastly, but perhaps something you should also consider, is that your
machine may already be compromised...  Maybe.  You should install a Host
Intrusion Detection System (HIDS) such as AIDE, Samhain, or Tripwire,
which you update with EVERY package installation.

I recall there being a way to create md5sum on installed files for those
packages that don't have them (which are very few, now a days).

  Package: debsums
  Priority: optional
  Section: admin
  Installed-Size: 64
  Maintainer: Brendan O'Dea <bod at debian.org>
  Architecture: all
  Version: 2.0.16
  Depends: perl (>= 5.8.0-3), debconf (>= 0.5) | debconf-2.0
  Filename: pool/main/d/debsums/debsums_2.0.16_all.deb
  Size: 21046
  MD5sum: 051b67e8283720012d64c3e141d11182
  Description: Verify installed package files against MD5 checksums.
   debsums can verify the integrity of installed package files against
   MD5 checksums installed by the package, or generated from a .deb
   archive.

I remember making a shell script to check md5sums once.  Something
like::

#!/bin/sh

cat << EOWARNING >&2
This script it dedicated to the Public Domain.  It is untested and
provides NO WARRANTY.

Checking md5sums of installed packages.  Note that not all packages have
md5sums.  This also does not replace a true HIDS that tracks all or most
files on your filesystems.  It only idicates the integrity of the
package itself.
EOWARNING

# Change to the root directory
cd /

# Get a list of installed packages
for pf in `find /var/lib/dpkg/info/ -type f|cut -f1 -d.|sort -u`; do
    p=`basename $pf`
    if [ ! -f ${pf}.md5sums ] ; then
        echo "$p: No md5sums file for package" >&2 
        continue
    fi

    echo "$p: Checking md5sums" >&2
    md5sum -c ${pf}.md5sums
done
### End Of File

The script obviously has shortcomings, such as this:

    capplets-data: Checking md5sums
    cdrecord: Checking md5sums
    md5sum: MD5 check failed for 'etc/default/cdrecord'

It notes changes to config files, which we expect to change anyway.  The
debsums package may be better at this.

Good luck.

-- 
Chad Walstrom <chewie at wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20050330/c2c53798/attachment.pgp