I'm wondering why you are looking only at Debian packages. Should the integrity check not be designed to tell you about all software on your system?

Then:

* Other Linux distributions would also benefit.
* You get more feedback / input / contributions.
* Your system is checked more thoroughly.

I have the impression there are projects already, that would do the job with some tweaking (tripwire, ..)

Plus, you might as well bundle the check with a backup-system, since you are already looking at your system at rest, and no services are running to worry about.

Stephan

On 6/24/07, andy baxter <[EMAIL PROTECTED]> wrote:
Jim Popovitch wrote:
> On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:
>
>> The difference is that:
>>
>> a) These all run on the live system they are trying to protect,
>>
>
> Unless you configure them to only write to an offline mount point that
> is normally ro and only rw through external effort.... which is in
> Tripwire's best practices.
>
> -Jim P.
>

OK, this would work. The problem for me is that it would involve turning the media r/w and updating the database every time I run apt-get to install security updates, which I do once a week. If I was running a large server farm and I was looking after it full time, this would be OK, but my situation is that I have two machines, both for personal use, and I don't want to have to devote my entire life to looking after the security on them.

The machines are a laptop for general use, and a server which I use for testing and demonstrating small web-based projects I do for people on a voluntary basis. They are connected to the internet by ADSL, with only the server set to accept incoming connections.

The other night, I had my laptop switched on and a sound file I had never heard before played through the speaker (it said 'hello' in someone else's voice). I'm assuming I've been cracked and it was someone's idea of a joke. I've halted the server in case that was their way in, and I'm planning to reinstall both my machines this week, but also looking for a more long term solution which I could put some time into now and save myself and anyone else who wants to use it a lot of trouble in the future.

What I'm looking for is a solution where I can do security updates every week, as my first line of defence, but then have a fallback way of detecting intrusions which I could run maybe every month, which doesn't need too much work to keep on top of it once it's been set up.

I can probably find ways of improving my security using existing tools, but it occurred to me that the system I described would be a pretty watertight check on whether a system has been cracked, which is what I'm looking for.

andy baxter.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
Stephan Wehner

-> http://stephan.sugarmotor.org
-> http://www.thrackle.org
-> http://www.buckmaster.ca
-> http://www.trafficlife.com
-> http://stephansmap.org