How to Verify Sudo Binary Integrity in Ubuntu

Ensuring the security of your Linux system often involves checking critical binaries for tampering. This article explains how to verify the integrity of the sudo binary in Ubuntu using built-in package management tools. You will learn how to compare installed files against original package checksums to detect modifications or corruption.

Install the Debsums Tool

The most reliable method to verify file integrity on Ubuntu is to use the debsums utility. This tool checks installed package files against the checksums listed in the package database. Open your terminal and install the tool using the following commands:

sudo apt update
sudo apt install debsums

During installation, you may be prompted to configure how often debsums should run automatically. You can select your preferred option or configure this later in the settings file.

Run the Verification Command

Once installed, you can specifically check the sudo package for integrity issues. Run the following command to verify only the files associated with the sudo package:

sudo debsums sudo

This command compares the checksums of the installed files against the known-good values from the Ubuntu repositories. It focuses specifically on the binary and configuration files delivered by the sudo package.

Interpret the Results

If the command returns no output, it means all files passed the integrity check and match the original package data. If there are issues, debsums will list the specific files that failed verification along with an error code.
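The comparison described above can be reproduced by hand. The following shell sketch is an added example, not part of debsums or of the original article. The function names are hypothetical, and it assumes a dpkg-style checksum list with one "<md5>  <relative/path>" entry per line; the demo tree is constructed.

```shell
#!/bin/sh
# check_md5_list LIST ROOT  (hypothetical helper, not a debsums command)
#   LIST: checksum list, one "<md5>  <relative/path>" entry per line
#   ROOT: directory the relative paths are resolved against ("/" on a live system)
# Prints nothing when every file matches; otherwise prints one line per
# problem file and returns 1.
check_md5_list() {
    list=$1
    root=${2:-/}
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue              # skip blank or malformed lines
        file="${root%/}/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING /$path"
            bad=1
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)  # hash of the file as it is now
        if [ "$got" != "$want" ]; then
            echo "FAILED /$path"
            bad=1
        fi
    done < "$list"
    return $bad
}

# Constructed demo: build a throwaway tree, record its checksums, then
# modify the stand-in binary so that the check has something to report.
demo_tampered_tree() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/root/usr/bin" "$tmp/root/usr/share/doc"
    printf 'pristine sudo stand-in\n' > "$tmp/root/usr/bin/sudo"
    printf 'readme\n' > "$tmp/root/usr/share/doc/README"
    ( cd "$tmp/root" && md5sum usr/bin/sudo usr/share/doc/README ) > "$tmp/sudo.md5sums"
    printf 'modified after install\n' > "$tmp/root/usr/bin/sudo"
    demo_rc=0
    check_md5_list "$tmp/sudo.md5sums" "$tmp/root" || demo_rc=$?
    rm -rf "$tmp"
    return $demo_rc
}
```

On a live system the equivalent call would be `check_md5_list /var/lib/dpkg/info/sudo.md5sums /`, assuming dpkg's standard info directory. That list is stored on the same disk as the binary, so a match shows the file agrees with the local dpkg record, not that the record itself is untouched.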

Remediation Steps

If the verification fails, the sudo binary may be compromised or corrupted. The safest course of action is to reinstall the package to restore the original files. Run the following command to reinstall sudo:

sudo apt install --reinstall sudo

After reinstallation, run the debsums check again to confirm that the integrity issues have been resolved. If failures persist after reinstallation, investigate potential rootkit infections or deeper system compromises.