Solved

RHEL 5.3 Downloaded from Torent

Posted on 2014-10-22
19
327 Views
Last Modified: 2014-12-03
Dear all,

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent ( long story made short).
 Now I got RHEL 5.3 64 bit in my hand Downloaded from some torrent website  .

My question is

1, Is this Software trustable ? that is , did  anyone could have Edited this OS(RHEL 5.3) , and made it available through torrent downloads so that , if any one download it and install the same , they (people who made this available through Torrents)   can have some back door  access and manipulate the whole data??..!! Or cause some other typical attack's...??..!!

2, How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe and no  "hidden codes" are there. (Methods )

3, Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

Additional information :
1, I just installed in a Spare Laptop , using the software(RHEL 5.3) , I downloaded from Torrent website , and it looks normal, but my expertise is very minimum in Linux .
0
Comment
Question by:FiruIT
  • 5
  • 4
  • 3
  • +6
19 Comments
 
LVL 7

Expert Comment

by:Stampel
ID: 40396562
To see if it is trustable, just compute the md5sum of the file and see if it matches the original.
Use command md5sum.
Every ISO of RHEL are given with md5 key i could not find legitimate links but you can still check this  :
http://explorer-1.ins.cwru.edu/pub/ISO/SHA256_Checksums.txt
http://www.07net01.com/linux/Red_Hat_Enterprise_Linux_Server_MD5_SHA_zhi_678883_1389431755.html
0
 
LVL 23

Expert Comment

by:savone
ID: 40396662
You can not check the md5 sum unless you check it against the md5 on the red hat website.  The md5 checksum is only used to ensure that the file you downloaded matches the file on the server.  It does NOT guarantee you clean or malware free software. Unless of course the md5 comes from a trusted source, which in this case would be Red Hat itself.

You can sign up for a Red Hat account and download a 30 day trial for free.  Do yourself a favor and go about this the legal and correct way.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40396681
If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free !
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40396756
You can get centos or scientific Linux for free, they are identical (clone) to RHEL. Since you are new to Linux, you can get community support where as RHEL is subscription only.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40397090
Is this Software trustable ?

i wouldn't trust it

How can we make sure that , the binaries (RHEL 5.3 -OS) that I downloaded is safe

download directly from your RHEL account

Is there any Tools to check the legitimacy of this downloaded RHEL 5.3 ?

the md5sum is displayed on the download page next to the link for each ISO

I was not able to download or Arrange RHEL 5.3 from "any" legitimate source and It was very urgent

ISO images from red hat is a legitimate source.  if you don't have a subscription and you obtain it elsewhere, you violate the EULA
0
 
LVL 61

Expert Comment

by:gheist
ID: 40399203
CentOS, Oracle Linux and Scientific linux are all legitimate rebuilds of RHEL. I see no sane reason to download RHEL via torrent when you can get iso for 50€/year desktop subscription and use it as a server
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40403189
You can download older versions of Red Hat perfectly legal from the Red Hat network:

https://access.redhat.com/articles/23284
0
 
LVL 61

Expert Comment

by:gheist
ID: 40403218
Yes, with valid redhat entitlement for 50$/year you can download any release. Without you are asked to pay up and log in seeing first 5 lines of text.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40403647
@gheist, of course. I was just pointing out that it's not that difficult to find a legal source.  If we forget the RedHat part then this question is just about whether to trust downloads from torrent sites.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 61

Expert Comment

by:gheist
ID: 40403848
Redhat does not give checksums without subscription either.
If you had that 50$ subscription you could verify your torrent downloads and live happy...
0
 

Author Comment

by:FiruIT
ID: 40404724
Dear all,

Gerwin Jansen :  Seth Simmons : Stampel :gheist :Mazdajai : savone

"If the md5 you will compute with md5sum matches the redhat md5 then its legit redhat ISO and it will guarantee its clean and malware free ! "

Its not clear for me.....!!
1 , Is it some kind of tool if yes and if possible kindly give me , direct link to download the same.
2 , Or is it some Kind of procedures and step if yes....please break down those steps, to little more simpler and explain it to me.

Sorry I am consuming your time too much, but please support me.

thank you very much
0
 
LVL 7

Accepted Solution

by:
Stampel earned 250 total points
ID: 40404733
yes md5sum is a tool to compute the md5 key of a file, you can have it :
under windows here : http://www.pc-tools.net/win32/md5sums/
or another here : http://www.winmd5.com/
or under linux centos usually immediately available under /usr/bin/md5sum (because its part of coreutils package) :
[root@centos5 ~]# which md5sum
/usr/bin/md5sum

So you can easily compute your md5 iso by using "md5sum your-cd.iso"
[root@centos5 ~]# md5sum install.iso
32047b5c34365d5eed248cea16fac2bc  install.iso


If your md5 compute matches redhat download one, you are good.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40405161
Bittorrent sues SHA512 internally, so the md5 will match whatever rootkits the maker of backdoor EL5.3 DVD added.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40405502
Compute the MD5 of the ISO file you downloaded and compare with RedHat MD5.
There is no need to care about bittorrent SHA512.
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40405788
But you cannot get redhat MD5 without subscription. even so MD5 is not collision proof, so one can make other file with same MD5 sum
0
 

Author Comment

by:FiruIT
ID: 40405808
Dear all,

Thanks for kind guidance ......one more thing ....!!  
 I tried to search in net (google -Red Hat site  ) to find Standard  md5sum hash string for RHEL 5.3 ,
Due to my limited experience I am getting delayed , can you please find it for me?
0
 
LVL 87

Expert Comment

by:rindi
ID: 40405886
Why don't you just subscribe to Red-Hat as has been suggested, and then you can download the OS officially and don't need to worry?

Besides, why do you need that specific version of an OLD OS? For example, version 5.11 is a version that is still supported, and you can get a clone from CentOS for free, without official Red-Hat subscriptions needed. That way you can also still get patches that protect you against security holes and bugs:

http://wiki.centos.org/Download

There should be no sane reason to keep to an old and not anymore supported version.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 40407871
Agree with rindi

TY/SA
0
 

Author Closing Comment

by:FiruIT
ID: 40480215
thanks for all support
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now