Great! I do really believe that Debian and other distros are currently
lacking such a tool.
Have you also thought about retrieving checksums from package headers?
That is at least my approach because storing checksums separately is a
tedious task which the casual user is not likely up to take. My vision
would be to just take any system from which you do not have rescued
checksums in advance and check it for integrity and consistency with the
package database.
My choice was to implement it as a shell script (perl) so that it can be
invoked from the rescue console of your installation medium i.e. from a
clean system where you do not have a gcc or sth. else.
Best Regards,
Elmar
On 05.04.2014 10:20, Leslie S Satenstein wrote:
Hi Elmar
Good morning. I have done something similar to you, but in a
different way. I wrote my software in C language.
Given any directory, scan every file in that directory and every
sub-directory, and build a report file.
Compare the report file to the previous scan. If there is a match,
then there has been no change.
I also include some filtering. For example, I could start at root
and eliminate /dev /proc /tmp and /home.
This would yield the /bin /usr, etc. etc. I could email you a sample
scan of any directory tree.
My basic scanner is version 1. I am working on a version 2, more
sophisticated.
Regards
Leslie
*Mr. Leslie Satenstein*
*SENT FROM MY OPEN SOURCE LINUX SYSTEM.*
------------------------------------------------------------------------
*From:* Elmar Stellnberger <estel...@gmail.com>
*To:* debian-security@lists.debian.org
*Sent:* Saturday, April 5, 2014 5:39 AM
*Subject:* Re: debcheckroot v1.0 released
The tool is now ready to be downloaded at
http://www.elstel.org/debcheckroot.
Feedback will be highly appreciated!
On 28.01.2014 11:40, Elmar Stellnberger wrote:
> Dear Debian-Security
>
> Having just released debcheckroot I wanna shortly present you my new tool:
> It was originally designed as a replacement for debsums and has the following qualities:
> * full support of Debian repos reading /etc/[apt/]sources.list to fetch checksums online
> * it can check a Debian installation remotely from any Unix-like system just requiring perl, gzip, bzip2 and tar
> * it does not require a chroot into or any tools of the installation to be checked;
>   debcheckroot is thus the better choice when it comes to security (chroots may infect the freshly booted system);
>   The checkroot family of programs has already proven to spot various rootkits not detected by chkrootkit and rkhunter
> * usage of checksums in the package header by default rather than locally stored ones (insecure if not backed up on f.i. a USB stick); fast unpacking on the fly into memory without the creation of temporary files
> * nicely formatted output into files for later analysis
> … and all of that in just 930 lines of code.
>
> Though debcheckroot is currently still licensed under S-FSL I am ready to re-publish under any license you like
> if you can at least promise me to maintain the necessary support infrastructure for it:
> * sha256sums rather than the bit old fashioned md5sums
> * checksums for all packages in the core distro (some are still missing md5sums)
>   i.e. we would have to update debhelper to create shasums in addition to md5sums and enable this for all packages
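
The approach discussed in this thread (reading checksums from the package's own control archive, unpacked in memory, and comparing them with files under an offline-mounted root) can be sketched as follows. This is an added example, not debcheckroot's code or anything posted by the participants; the function names are hypothetical, and it assumes the .deb was fetched from a trusted repository and authenticated beforehand.

```python
import hashlib, io, os, tarfile

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive (the .deb container)."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are padded to even offsets

def package_md5sums(deb_blob):
    """Return {relative_path: md5hex} from the control archive, unpacked in memory."""
    for name, data in ar_members(deb_blob):
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                for member in tar:
                    if os.path.basename(member.name) == "md5sums":
                        raw = tar.extractfile(member).read()
                        lines = raw.decode("utf-8", "surrogateescape").splitlines()
                        pairs = (l.split(None, 1) for l in lines if l.strip())
                        return {path: digest for digest, path in pairs}
    return {}  # no md5sums shipped: nothing to verify for this package

def check_root(root, sums):
    """Compare files under an offline-mounted root with the package's checksums."""
    report = {}
    for rel, want in sorted(sums.items()):
        path = os.path.join(root, rel)
        if os.path.islink(path):
            report[rel] = "symlink"  # final component is a link: do not hash its target
        elif not os.path.isfile(path):
            report[rel] = "missing"
        else:
            with open(path, "rb") as fh:
                got = hashlib.md5(fh.read()).hexdigest()
            report[rel] = "ok" if got == want else "MODIFIED"
    return report

if __name__ == "__main__":  # usage (assumed): check.py package.deb /mnt/root
    import sys
    with open(sys.argv[1], "rb") as fh:
        for rel, state in check_root(sys.argv[2], package_md5sums(fh.read())).items():
            print(state, rel)
```

Absolute symlinks in intermediate directories of the checked root resolve against the running rescue system, so a complete checker has to resolve every path component relative to the mounted root itself.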