Red Hat: To check whether your boxes are pwnd
http://www.redhat.com/security/data/openssh-blacklist.html
<snip>
We have provided a shell script which lists the affected packages and can verify that none of them are installed on a system:
* openssh-blacklist-1.0.sh
The script has a detached GPG signature from the Red Hat Security Response Team (key) so you can verify its integrity:
* openssh-blacklist-1.0.sh.asc
This script can be executed either as a non-root user or as root. To execute the script after downloading it and saving it to your system, run the command:
bash ./openssh-blacklist-1.0.sh
If the script output includes any lines beginning with “ALERT” then a tampered package has been installed on the system. Otherwise, if no tampered packages were found, the script should produce only a single line of output beginning with the word “PASS”, as shown below:
bash ./openssh-blacklist-1.0.sh
PASS: no suspect packages were found on this system
The script can also check a set of packages by passing it a list of source or binary RPM filenames. In this mode, a “PASS” or “ALERT” line will be printed for each filename passed; for example:
bash ./openssh-blacklist-1.0.sh openssh-4.3p2-16.el5.i386.rpm
PASS: signature of package “openssh-4.3p2-16.el5.i386.rpm” not on blacklist
Red Hat customers who discover any tampered packages, need help with running this script, or have any questions should log into the Red Hat support website and file a support ticket, call their local support center, or contact their Technical Account Manager.
</snip>
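
Added example (not part of the Red Hat text or of this post): a fail-closed wrapper for the procedure quoted above. It verifies the detached signature before running the script and treats empty or unexpected output as a failure instead of a pass. The function names and exit codes are assumptions made here, and it presumes the Red Hat Security Response Team key is already in the local GPG keyring.

```shell
#!/usr/bin/env bash
# Added example: wrapper around openssh-blacklist-1.0.sh (names/exit codes are hypothetical).

# classify_output: read the script's output on stdin and return
#   1 if any line begins with ALERT,
#   0 if there is at least one PASS line and nothing unexpected,
#   2 otherwise (empty output, error messages, truncated run).
classify_output() {
    local line alert=0 pass=0 other=0
    while IFS= read -r line; do
        case "$line" in
            ALERT*) alert=$((alert + 1)) ;;
            PASS*)  pass=$((pass + 1)) ;;
            "")     ;;                       # ignore blank lines
            *)      other=$((other + 1)) ;;  # anything else is unexpected
        esac
    done
    if [ "$alert" -gt 0 ]; then return 1; fi
    if [ "$pass" -gt 0 ] && [ "$other" -eq 0 ]; then return 0; fi
    return 2
}

# verify_and_run SCRIPT SIGNATURE [RPM...]
# Refuses to execute SCRIPT unless its detached signature verifies.
# gpg --verify only proves the signature matches a key in the keyring;
# that the key really is Red Hat's must be established separately.
verify_and_run() {
    local script=$1 sig=$2
    shift 2
    if ! gpg --verify "$sig" "$script" >/dev/null 2>&1; then
        echo "signature check failed; not running $script" >&2
        return 3
    fi
    # Pipeline status is classify_output's, so a crashed or silent
    # script yields 2 instead of being mistaken for a clean result.
    bash "$script" "$@" | classify_output
}

# Example: ./wrapper.sh openssh-blacklist-1.0.sh openssh-blacklist-1.0.sh.asc
if [ "$#" -ge 2 ]; then
    verify_and_run "$@"
fi
```

Exit status 0 means every line was a PASS, 1 means at least one ALERT, 2 means the output could not be trusted, and 3 means the signature did not verify.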