Check binary (e.g. MD5sum) integrity?

How do you check the MD5sums of the e.g. jitsi-meet binary with e.g. $ md5sum jitsi-meet.bin? Or does APT do that itself since it’s not from source?

What binary, the AppImage you downloaded from the jitsi-meet-electron repo?

No, I’m referring to the server itself, downloaded with the regular apt install command (so not the Docker image either). I ask because I haven’t taken further measures to secure my system (e.g. I just saw how many failed SSH attempts there are constantly from malicious actors, so I have to harden that more), and I’m paranoid that someone might’ve replaced the server binary(ies) with malicious Jitsi Meet (and accompanying dependency) ‘forks’ (I’m paranoid about stuff like spyware).

Might be virtually impossible for an adversary to do that, but I ask just in case. If anything, I can just reinstall my system, which is very easy since I only use my server for Jitsi, and regularly scan for malicious stuff like rootkits with the traditional Chkrootkit and other scanners, use a key instead of password for SSH, use Fail2ban, have SSHD only run at temporary intervals (though that’s a bit of a stretch, but still), etc.

Another odd thing I noticed is that the failed SSH attempts were done through ports that UFW should be blocking by default, since I only enabled the ports Jitsi needs, but maybe I’m misunderstanding how it works.

apt command checks the archieve key while installing a package. It doesn’t install it if the package is not from the right place.

See jitsi-keyring step