Tripwire, integrit and aide all perform something similar to what you described.
> -----Original Message-----
> From: andy baxter [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 24, 2007 7:23 AM
> To: debian-security@lists.debian.org
> Subject: security idea - bootable CD to check your system
>
> hello,
>
> I am writing to ask what you think of the following idea?
> Something that I would like to see is a bootable CDROM which
> can check all the packages on a debian system. My idea is
> that it would work roughly as follows:
>
> - You halt the machine and put in a bootable CD, then reboot.
> - The machine boots from the CD, which is read-only and known
>   to be good.
> - It boots into a minimal linux system which will do nothing but the
>   following:
>   - ask you whether you are booting for the first or second time.
>   - Read a floppy or other removable media to find
>     configuration information for the machine being checked.
>   - Read the host machine's hard drive to find a list of all
>     installed packages.
>   - Connect once to the network to retrieve a list of files and
>     their checksums for each of these packages from a debian
>     server. This list could be saved either to a designated
>     partition on the hard drive, or to removable media.
>   - Disconnect from the network.
>   - Reboot itself.
>   - The second time round, don't connect to the network.
>   - instead, check all the binaries (and optionally config
>     files) against the checksums.
>   - generate some kind of easy to read report on screen, or
>     else save it to removable media.
>
> Do you think this would work (i.e. be a good check on whether
> your system has been compromised), and is it worth doing? I'm
> not sure if I have the skills to take on something like this
> all by myself, but I would be willing to put some time in to
> help where I can if anyone else wants to have a go at it.
>
> Alternatively, if people don't think it's worth your while
> developing something like this, where should I start looking
> to try to put it together myself, and is there anyone at
> debian who might be able to help me?
>
> yours,
>
> andy baxter.
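The second-boot check described in the quoted message, as an added example (not code from this thread, nor from Tripwire, integrit or aide). It assumes the checked disk is mounted read-only at a directory and that the list retrieved on the first boot uses sha256sum-style `digest  relative/path` lines; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse 'hexdigest  relative/path' lines (assumed sha256sum-style format)."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path.strip().lstrip("/")] = digest.lower()
    return entries

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_root(root, manifest):
    """Check files under the mounted target root against the trusted manifest."""
    report = {"ok": [], "modified": [], "missing": [], "not_regular": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.lexists(full):
            report["missing"].append(rel)
        # A listed file replaced by a symlink or device is reported, not followed.
        elif os.path.islink(full) or not os.path.isfile(full):
            report["not_regular"].append(rel)
        elif sha256_file(full) == expected:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    return report

def demo():
    """Constructed sample: one intact file, one altered, one absent."""
    files = {"ls": b"original ls\n", "ps": b"original ps\n", "top": b"original top\n"}
    manifest = parse_manifest("\n".join(
        f"{hashlib.sha256(data).hexdigest()}  usr/bin/{name}"
        for name, data in files.items()))
    with tempfile.TemporaryDirectory() as root:  # stands in for the mounted disk
        os.makedirs(os.path.join(root, "usr/bin"))
        on_disk = {"ls": files["ls"], "ps": b"altered ps\n"}  # top is not written
        for name, data in on_disk.items():
            with open(os.path.join(root, "usr/bin", name), "wb") as f:
                f.write(data)
        return verify_root(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the manifest and the environment running it, which is why the proposal boots from read-only media and stays off the network during verification.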