RHEL 5.3 Downloaded from Torent

Dear all,

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent ( long story made short).
 Now I got RHEL 5.3 64 bit in my hand Downloaded from some torrent website  .

My question is

1, Is this Software trustable ? that is , did  anyone could have Edited this OS(RHEL 5.3) , and made it available through torrent downloads so that , if any one download it and install the same , they (people who made this available through Torrents)   can have some back door  access and manipulate the whole data??..!! Or cause some other typical attack's...??..!!

2, How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe and no  "hidden codes" are there. (Methods )

3, Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

Additional information :
1, I just installed in a Spare Laptop , using the software(RHEL 5.3) , I downloaded from Torrent website , and it looks normal, but my expertise is very minimum in Linux .
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

To see if it is trustable, just compute the md5sum of the file and see if it matches the original.
Use command md5sum.
Every ISO of RHEL are given with md5 key i could not find legitimate links but you can still check this  :
You can not check the md5 sum unless you check it against the md5 on the red hat website.  The md5 checksum is only used to ensure that the file you downloaded matches the file on the server.  It does NOT guarantee you clean or malware free software. Unless of course the md5 comes from a trusted source, which in this case would be Red Hat itself.

You can sign up for a Red Hat account and download a 30 day trial for free.  Do yourself a favor and go about this the legal and correct way.
If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free !
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

You can get centos or scientific Linux for free, they are identical (clone) to RHEL. Since you are new to Linux, you can get community support where as RHEL is subscription only.
Seth SimmonsSr. Systems AdministratorCommented:
Is this Software trustable ?

i wouldn't trust it

How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe

download directly from your RHEL account

Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

the md5sum is displayed on the download page next to the link for each ISO

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent

ISO images from red hat is a legitimate source.  if you don't have a subscription and you obtain it elsewhere, you violate the EULA
CentOS, Oracle Linux and Scientific linux are all legitimate rebuilds of RHEL. I see no sane reason to download RHEL via torrent when you can get iso for 50€/year desktop subscription and use it as a server
Gerwin Jansen, EE MVETopic Advisor Commented:
You can download older versions of Red Hat perfectly legal from the Red Hat network:

Yes, with valid redhat entitlement for 50$/year you can download any release. Without you are asked to pay up and log in seeing first 5 lines of text.
Gerwin Jansen, EE MVETopic Advisor Commented:
@gheist, of course. I was just pointing out that it's not that difficult to find a legal source.  If we forget the RedHat part then this question is just about whether to trust downloads from torrent sites.
Redhat does not give checksums without subscription either.
If you had that 50$ subscription you could verify your torrent downloads and live happy...
FiruITAuthor Commented:
Dear all,

Gerwin Jansen :  Seth Simmons : Stampel :gheist :Mazdajai : savone

"If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free ! "

Its not clear for me.....!!
1 , Is it some kind of tool if yes and if possible kindly give me , direct link to download the same.
2 , Or is it some Kind of procedures and step if yes....please break down those steps, to little more simpler and explain it to me.

Sorry I am consuming your time too much, but please support me.

thank you very much
yes md5sum is a tool to compute the md5 key of a file, you can have it :
under windows here : http://www.pc-tools.net/win32/md5sums/
or another here : http://www.winmd5.com/
or under linux centos usually immediately available under /usr/bin/md5sum (because its part of coreutils package) :
[root@centos5 ~]# which md5sum

So you can easily compute your md5 iso by using "md5sum your-cd.iso"
[root@centos5 ~]# md5sum install.iso
32047b5c34365d5eed248cea16fac2bc  install.iso

If your md5 compute matches redhat download one, you are good.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bittorrent sues SHA512 internally, so the md5 will match whatever rootkits the maker of backdoor EL5.3 DVD added.
Compute the MD5 of the ISO file you downloaded and compare with RedHat MD5.
There is no need to care about bittorrent SHA512.
But you cannot get redhat MD5 without subscription. even so MD5 is not collision proof, so one can make other file with same MD5 sum
FiruITAuthor Commented:
Dear all,

Thanks for kind guidance ......one more thing ....!!  
 I tried to search in net (google -Red Hat site  ) to find Standard  md5sum hash string for RHEL 5.3 ,
Due to my limited experience I am getting delayed , can you please find it for me?
Why don't you just subscribe to Red-Hat as has been suggested, and then you can download the OS officially and don't need to worry?

Besides, why do you need that specific version of an OLD OS? For example, version 5.11 is a version that is still supported, and you can get a clone from CentOS for free, without official Red-Hat subscriptions needed. That way you can also still get patches that protect you against security holes and bugs:


There should be no sane reason to keep to an old and not anymore supported version.
Agree with rindi

FiruITAuthor Commented:
thanks for all support
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.