Hi, there is already useful information from other debianers.
I just list tools and features below.

Tools
- debsums
- AIDE[1]
- ...

Features (of Linux kernel)
- IMA-EVM [2]
- fs-verity [3]
- ...

I think the debsums tool is a proper way for your use cases provided
that you protect the integrity of checksum files securely. You need to
get the files and isolate them from packages, apt-repository, and the
remote filesystem.


[1] https://aide.github.io/
[2] http://linux-ima.sourceforge.net/
[3] https://www.kernel.org/doc/html/latest/filesystems/fsverity.html

On Thu, Jan 14, 2021 at 7:57 PM, Erik Poupaert <e...@sankuru.biz> wrote:

> I understand that I can run the following command to verify the
> installation footprint of a package:
>
> dpkg -V <package>
>
> The reason why I am carrying out this audit is, however, because I somehow
> suspect that the system could be compromised.
>
> If the attacker has managed to subvert <package>, he could also have
> managed to subvert the dpkg audit command itself. Therefore, I cannot trust
> the self-referential audit:
>
> dpkg -V dpkg
>
> Therefore, I want to run the self-audit of the dpkg command from another
> system.
>
> So, I mount the disk of this computer as folder /mnt/audit in my second
> computer, which I still trust. Now, I want to audit the installation
> footprint of dpkg in /mnt/audit from this second computer.
>
> What command do I execute next on my second computer? Is there an option
> that allows me to do something similar to the following:
>
> dpkg -V dpkg --remote-target /mnt/audit
>
> Is there a way to audit the installation footprint of a package on one
> computer from a second computer?
>

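
An added example, not part of the thread: one way to check files on the mounted disk against a checksum list kept on the trusted machine, as the reply suggests. The function name `audit_root` and its status words are assumptions; the list is assumed to use the layout of dpkg's md5sums files and to come from a source independent of the suspect disk.

```shell
#!/bin/sh
# audit_root ROOT LIST
#   ROOT  mount point of the suspect disk (/mnt/audit in the question)
#   LIST  trusted checksum list in dpkg's md5sums layout:
#         "<md5>  <path relative to the root>", one file per line
# Prints "<STATUS> <path>" per entry; returns 1 if any entry is not OK.
# Only the auditing machine's own md5sum and readlink (GNU coreutils) run.
audit_root() {
    root=$(readlink -f -- "$1") || return 2
    list=$2
    rc=0
    while read -r want path || [ -n "$want" ]; do
        [ -n "$path" ] || continue
        status=OK
        if ! real=$(readlink -f -- "$root/$path" 2>/dev/null); then
            status=MISSING
        else
            case $real in
                "$root"/*)
                    if [ ! -f "$real" ]; then
                        status=MISSING
                    else
                        got=$(md5sum < "$real" | cut -d' ' -f1)
                        [ "$got" = "$want" ] || status=MODIFIED
                    fi ;;
                *)
                    # An absolute symlink on the mounted disk resolves against
                    # the auditing machine's own /, so hashing it would check
                    # the trusted host's file instead of the suspect one.
                    status=OUTSIDE-ROOT ;;
            esac
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s\n' "$status" "$path"
    done < "$list"
    return "$rc"
}
```

Any entry reported as OUTSIDE-ROOT needs a manual look at the symlink on the mounted disk, since its target was never hashed.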