11-24-2010
But ...
Quote:
Originally Posted by
pludi
If used a sniffer, for a given data to be written to the network wire; it could be easily detected.
So a new requirment for integrity check would be to device such kind of sniffer based automated test in addition to the chacksum maintainance, to gurentee integrity, using appropriate hash algorithm (SHA1 or above).
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I'm calling a program with a command line arguement containing a password. while the process is running anyone on the system can ps -ef and see the password. Is there a way to prevent this from happening.
example
PROGRAM USERNAME/PASSWD
I've also tried
PROGRAM `cat passfile`
... (7 Replies)
Discussion started by: sudojo
7 Replies
2. HP-UX
how can I determine which NIC card is virtual NIC Card
which condition can make a decision
Does HP UX have Virtual Network Adapter Concept
if ,it has
where I can Find if I Install Virutal Network Adapter
or which command that i can get it
or which software can generate
thanks (2 Replies)
Discussion started by: alert0919
2 Replies
3. Shell Programming and Scripting
Hi,
I have a directory i want to just hide this directory.
Could you please tell me the command to hide directory. (2 Replies)
Discussion started by: shivanete
2 Replies
4. Solaris
Dear Guys,
I want to know more about root-kit in Solaris.. If I'm not mistaken, root-kit is a bunch of scripts nor executable program that can manipulate root-privileges.
And sometimes, root-kit is defined as malware.. Is that right?
How to check whether my system got root-kit installed?... (2 Replies)
Discussion started by: frankoko
2 Replies
5. Solaris
I couldn't install my nic in solaris 10. I compiled and added
the driver but failed to attach the driver and ifconfig output
shows only loopback dev. Please see the following output and tell
me whether my nic has been detected and why the driver failed to
attach?
My nic is detected in linux... (0 Replies)
Discussion started by: vectrum
0 Replies
6. IP Networking
I am new in squid proxy.
My question is how to (and if it's necessary) to set one NIC for inbound traffic (http requests) and one NIC for outbound traffic (http answers)?
Thank you in advance! (4 Replies)
Discussion started by: aixlover
4 Replies
7. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
8. Red Hat
Dear All
I want tune my NIC's rps, rfs and xps value.
In my system I have two NIC (eth0, eth1) and I have a bond0 ( eth0, eth1).
Here is the question? Which device should I modify ?
eth0 and eth1? or just modify bond0 or modify all device (eth0, eth1, bond0)
Any advice is welcome.... (0 Replies)
Discussion started by: nnnnnnine
0 Replies
9. Linux
Hello Admins,
My ask is how can I add two different subnet IPs to same box with two different gateways?
The issue is I can connect to the box when I am on ethernet LAN, but I am not able to connect to the same IP when I am on wifi. The server is RHEL 7 VM on vmware.
How can I get connected... (4 Replies)
Discussion started by: snchaudhari2
4 Replies
LEARN ABOUT MOJAVE
eficheck
EFICHECK(8) BSD System Manager's Manual EFICHECK(8)
NAME
eficheck -- check the integrity of the x86 flash chip firmware.
SYNOPSIS
eficheck --integrity-check [-h EFI-hash-input-file] [-b EFI-binary-input-file]
eficheck --show-hashes [-h EFI-hash-input-file] [-b EFI-binary-input-file]
eficheck --generate-hashes [-h EFI-hash-output-file] [-p output-path]
eficheck --save [-b EFI-binary-output-file]
eficheck --cleanup [-b EFI-binary-input-and-output-file>]
eficheck --version
eficheck --help
DESCRIPTION
eficheck is a tool to check the x86 flash chip firmware.
The following commands can be used with eficheck:
--integrity-check hashes portion of the firmware and compares against known-good hashes
--generate-hashes outputs hashes for a given firmware to be used as known-good hashes
--show-hashes shows the hashes for the sub-sections of the firmware which are measured
--save saves the full flash chip contents to a binary file. Requires root privileges.
--cleanup zeros any privacy-sensitive data (such as nvram), enabling the file to be shared for analysis.
--version print out eficheck version number.
--help display a short help.
EXAMPLES
'eficheck --save -b firmware.bin'
Save this system's EFI firmware as firmware.bin
'eficheck --cleanup -b firmware.bin'
Overwrite the EFI variables portion of the firmware.bin, in place
'eficheck --generate-hashes'
Analyze the current system's installed EFI firmware, and store the hashes into hash file(s) in current folder
File name(s) will be selected according to image's EFI version(s)
'eficheck --generate-hashes -b firmware.bin'
Analyze the firmware.bin, and store the hashes into hash file(s) in current folder. Filename will be based on the detected
firmware version.
'eficheck --generate-hashes -p /usr/local/allowlists'
Analyze the current system's installed EFI firmware, and store the hashes into hash file(s) in /usr/local/allowlists folder
'eficheck --integrity-check'
Attempt to automatically determine which firmware you are running, and integrity check against the appropriate file, and report
any differences
'eficheck --integrity-check -h /usr/libexec/firmwarecheckers/eficheck/EFIAllowListShipping.bun-
dle/allowlists/IM171.88Z.0105.B08.1604111319.0.ealf'
Compare the current system's EFI firmware against the Apple-provided expected measurements for an "iMac17,1" at firmware revision
B08, and report any differences
'eficheck --integrity-check -h hash.ealf -b firmware.bin'
Compare the given hash file against against the given firmware image and report any differences
'eficheck --show-hashes'
Print the hashes for the current system's installed EFI firmware to stdout
'eficheck --show-hashes -b firmware.bin'
Print the hashes for the given firmware.bin to stdout
'eficheck --show-hashes -h IM171.88Z.0105.B08.1604111319.0.ealf'
Print the hashes for the given allowlist to stdout
May 25, 2017