Solved

RHEL 5.3 Downloaded from Torent

Posted on 2014-10-22
19
338 Views
Last Modified: 2014-12-03
Dear all,

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent ( long story made short).
 Now I got RHEL 5.3 64 bit in my hand Downloaded from some torrent website  .

My question is

1, Is this Software trustable ? that is , did  anyone could have Edited this OS(RHEL 5.3) , and made it available through torrent downloads so that , if any one download it and install the same , they (people who made this available through Torrents)   can have some back door  access and manipulate the whole data??..!! Or cause some other typical attack's...??..!!

2, How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe and no  "hidden codes" are there. (Methods )

3, Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

Additional information :
1, I just installed in a Spare Laptop , using the software(RHEL 5.3) , I downloaded from Torrent website , and it looks normal, but my expertise is very minimum in Linux .
0
Comment
Question by:FiruIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +6
19 Comments
 
LVL 7

Expert Comment

by:Stampel
ID: 40396562
To see if it is trustable, just compute the md5sum of the file and see if it matches the original.
Use command md5sum.
Every ISO of RHEL are given with md5 key i could not find legitimate links but you can still check this  :
http://explorer-1.ins.cwru.edu/pub/ISO/SHA256_Checksums.txt
http://www.07net01.com/linux/Red_Hat_Enterprise_Linux_Server_MD5_SHA_zhi_678883_1389431755.html
0
 
LVL 23

Expert Comment

by:savone
ID: 40396662
You can not check the md5 sum unless you check it against the md5 on the red hat website.  The md5 checksum is only used to ensure that the file you downloaded matches the file on the server.  It does NOT guarantee you clean or malware free software. Unless of course the md5 comes from a trusted source, which in this case would be Red Hat itself.

You can sign up for a Red Hat account and download a 30 day trial for free.  Do yourself a favor and go about this the legal and correct way.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40396681
If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free !
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 21

Expert Comment

by:Mazdajai
ID: 40396756
You can get centos or scientific Linux for free, they are identical (clone) to RHEL. Since you are new to Linux, you can get community support where as RHEL is subscription only.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40397090
Is this Software trustable ?

i wouldn't trust it

How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe

download directly from your RHEL account

Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

the md5sum is displayed on the download page next to the link for each ISO

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent

ISO images from red hat is a legitimate source.  if you don't have a subscription and you obtain it elsewhere, you violate the EULA
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399203
CentOS, Oracle Linux and Scientific linux are all legitimate rebuilds of RHEL. I see no sane reason to download RHEL via torrent when you can get iso for 50€/year desktop subscription and use it as a server
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40403189
You can download older versions of Red Hat perfectly legal from the Red Hat network:

https://access.redhat.com/articles/23284
0
 
LVL 62

Expert Comment

by:gheist
ID: 40403218
Yes, with valid redhat entitlement for 50$/year you can download any release. Without you are asked to pay up and log in seeing first 5 lines of text.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40403647
@gheist, of course. I was just pointing out that it's not that difficult to find a legal source.  If we forget the RedHat part then this question is just about whether to trust downloads from torrent sites.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40403848
Redhat does not give checksums without subscription either.
If you had that 50$ subscription you could verify your torrent downloads and live happy...
0
 

Author Comment

by:FiruIT
ID: 40404724
Dear all,

Gerwin Jansen :  Seth Simmons : Stampel :gheist :Mazdajai : savone

"If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free ! "

Its not clear for me.....!!
1 , Is it some kind of tool if yes and if possible kindly give me , direct link to download the same.
2 , Or is it some Kind of procedures and step if yes....please break down those steps, to little more simpler and explain it to me.

Sorry I am consuming your time too much, but please support me.

thank you very much
0
 
LVL 7

Accepted Solution

by:
Stampel earned 250 total points
ID: 40404733
yes md5sum is a tool to compute the md5 key of a file, you can have it :
under windows here : http://www.pc-tools.net/win32/md5sums/
or another here : http://www.winmd5.com/
or under linux centos usually immediately available under /usr/bin/md5sum (because its part of coreutils package) :
[root@centos5 ~]# which md5sum
/usr/bin/md5sum

So you can easily compute your md5 iso by using "md5sum your-cd.iso"
[root@centos5 ~]# md5sum install.iso
32047b5c34365d5eed248cea16fac2bc  install.iso


If your md5 compute matches redhat download one, you are good.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40405161
Bittorrent sues SHA512 internally, so the md5 will match whatever rootkits the maker of backdoor EL5.3 DVD added.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40405502
Compute the MD5 of the ISO file you downloaded and compare with RedHat MD5.
There is no need to care about bittorrent SHA512.
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40405788
But you cannot get redhat MD5 without subscription. even so MD5 is not collision proof, so one can make other file with same MD5 sum
0
 

Author Comment

by:FiruIT
ID: 40405808
Dear all,

Thanks for kind guidance ......one more thing ....!!  
 I tried to search in net (google -Red Hat site  ) to find Standard  md5sum hash string for RHEL 5.3 ,
Due to my limited experience I am getting delayed , can you please find it for me?
0
 
LVL 88

Expert Comment

by:rindi
ID: 40405886
Why don't you just subscribe to Red-Hat as has been suggested, and then you can download the OS officially and don't need to worry?

Besides, why do you need that specific version of an OLD OS? For example, version 5.11 is a version that is still supported, and you can get a clone from CentOS for free, without official Red-Hat subscriptions needed. That way you can also still get patches that protect you against security holes and bugs:

http://wiki.centos.org/Download

There should be no sane reason to keep to an old and not anymore supported version.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 40407871
Agree with rindi

TY/SA
0
 

Author Closing Comment

by:FiruIT
ID: 40480215
thanks for all support
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question