• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 362
  • Last Modified:

RHEL 5.3 Downloaded from Torent

Dear all,

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent ( long story made short).
 Now I got RHEL 5.3 64 bit in my hand Downloaded from some torrent website  .

My question is

1, Is this Software trustable ? that is , did  anyone could have Edited this OS(RHEL 5.3) , and made it available through torrent downloads so that , if any one download it and install the same , they (people who made this available through Torrents)   can have some back door  access and manipulate the whole data??..!! Or cause some other typical attack's...??..!!

2, How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe and no  "hidden codes" are there. (Methods )

3, Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

Additional information :
1, I just installed in a Spare Laptop , using the software(RHEL 5.3) , I downloaded from Torrent website , and it looks normal, but my expertise is very minimum in Linux .
0
FiruIT
Asked:
FiruIT
  • 5
  • 4
  • 3
  • +6
2 Solutions
 
StampelCommented:
To see if it is trustable, just compute the md5sum of the file and see if it matches the original.
Use command md5sum.
Every ISO of RHEL are given with md5 key i could not find legitimate links but you can still check this  :
http://explorer-1.ins.cwru.edu/pub/ISO/SHA256_Checksums.txt
http://www.07net01.com/linux/Red_Hat_Enterprise_Linux_Server_MD5_SHA_zhi_678883_1389431755.html
0
 
savoneCommented:
You can not check the md5 sum unless you check it against the md5 on the red hat website.  The md5 checksum is only used to ensure that the file you downloaded matches the file on the server.  It does NOT guarantee you clean or malware free software. Unless of course the md5 comes from a trusted source, which in this case would be Red Hat itself.

You can sign up for a Red Hat account and download a 30 day trial for free.  Do yourself a favor and go about this the legal and correct way.
0
 
StampelCommented:
If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free !
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
MazdajaiCommented:
You can get centos or scientific Linux for free, they are identical (clone) to RHEL. Since you are new to Linux, you can get community support where as RHEL is subscription only.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
Is this Software trustable ?

i wouldn't trust it

How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe

download directly from your RHEL account

Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

the md5sum is displayed on the download page next to the link for each ISO

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent

ISO images from red hat is a legitimate source.  if you don't have a subscription and you obtain it elsewhere, you violate the EULA
0
 
gheistCommented:
CentOS, Oracle Linux and Scientific linux are all legitimate rebuilds of RHEL. I see no sane reason to download RHEL via torrent when you can get iso for 50€/year desktop subscription and use it as a server
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
You can download older versions of Red Hat perfectly legal from the Red Hat network:

https://access.redhat.com/articles/23284
0
 
gheistCommented:
Yes, with valid redhat entitlement for 50$/year you can download any release. Without you are asked to pay up and log in seeing first 5 lines of text.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
@gheist, of course. I was just pointing out that it's not that difficult to find a legal source.  If we forget the RedHat part then this question is just about whether to trust downloads from torrent sites.
0
 
gheistCommented:
Redhat does not give checksums without subscription either.
If you had that 50$ subscription you could verify your torrent downloads and live happy...
0
 
FiruITAuthor Commented:
Dear all,

Gerwin Jansen :  Seth Simmons : Stampel :gheist :Mazdajai : savone

"If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free ! "

Its not clear for me.....!!
1 , Is it some kind of tool if yes and if possible kindly give me , direct link to download the same.
2 , Or is it some Kind of procedures and step if yes....please break down those steps, to little more simpler and explain it to me.

Sorry I am consuming your time too much, but please support me.

thank you very much
0
 
StampelCommented:
yes md5sum is a tool to compute the md5 key of a file, you can have it :
under windows here : http://www.pc-tools.net/win32/md5sums/
or another here : http://www.winmd5.com/
or under linux centos usually immediately available under /usr/bin/md5sum (because its part of coreutils package) :
[root@centos5 ~]# which md5sum
/usr/bin/md5sum

So you can easily compute your md5 iso by using "md5sum your-cd.iso"
[root@centos5 ~]# md5sum install.iso
32047b5c34365d5eed248cea16fac2bc  install.iso


If your md5 compute matches redhat download one, you are good.
0
 
gheistCommented:
Bittorrent sues SHA512 internally, so the md5 will match whatever rootkits the maker of backdoor EL5.3 DVD added.
0
 
StampelCommented:
Compute the MD5 of the ISO file you downloaded and compare with RedHat MD5.
There is no need to care about bittorrent SHA512.
0
 
gheistCommented:
But you cannot get redhat MD5 without subscription. even so MD5 is not collision proof, so one can make other file with same MD5 sum
0
 
FiruITAuthor Commented:
Dear all,

Thanks for kind guidance ......one more thing ....!!  
 I tried to search in net (google -Red Hat site  ) to find Standard  md5sum hash string for RHEL 5.3 ,
Due to my limited experience I am getting delayed , can you please find it for me?
0
 
rindiCommented:
Why don't you just subscribe to Red-Hat as has been suggested, and then you can download the OS officially and don't need to worry?

Besides, why do you need that specific version of an OLD OS? For example, version 5.11 is a version that is still supported, and you can get a clone from CentOS for free, without official Red-Hat subscriptions needed. That way you can also still get patches that protect you against security holes and bugs:

http://wiki.centos.org/Download

There should be no sane reason to keep to an old and not anymore supported version.
0
 
SandyCommented:
Agree with rindi

TY/SA
0
 
FiruITAuthor Commented:
thanks for all support
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 3
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now