Re: security idea - bootable CD to check your system

2007-06-24 Thread Arthur de Jong
On Sun, 2007-06-24 at 19:01 +0200, Bernhard R. Link wrote: > I had someone in the past considered this, too. First of all debsums's > main advantage is looking for unintended changes (and it's indeed a shame > so many of the important packages come without, that makes bad RAM or > unreliable control

Re: security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
Stephan Wehner wrote: > I have the impression there are projects already, that would do the > job with some tweaking (tripwire, ..) > Maybe, although I can't see how you get round the problem that you need to update the checksum database every time you install new or updated software. Ok, I

Re: security idea - bootable CD to check your system

2007-06-24 Thread Stephan Wehner
> I have the impression there are projects already, that would do the > job with some tweaking (tripwire, ..) > Maybe, although I can't see how you get round the problem that you need to update the checksum database every time you install new or updated software. Ok, I see your problem: you w

Re: security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
Stephan Wehner wrote: I'm wondering why you are looking only at debian packages. Should the integrity check not be designed to tell you about all software on your system? To be honest, I forgot about this. I'm only running unmodified debian packages, but I can see that other people might have sy

Re: security idea - bootable CD to check your system

2007-06-24 Thread Bernhard R. Link
* andy baxter <[EMAIL PROTECTED]> [070624 19:49]: > Thanks for the encouragement. I've been looking into it a bit more, and > I'm not sure that it would be possible for me to build this by myself, > as it would need changes to the debian ftp archive to work. I.e. you > would need there to be a retr

Re: security idea - bootable CD to check your system

2007-06-24 Thread Stephan Wehner
I'm wondering why you are looking only at debian packages. Should the integrity check not be designed to tell you about all software on your system? Then: * Other Linux distributions would also benefit. * You get more feedback / input / contributions. * Your system is checked more thoroughly. I

Re: security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
Jim Popovitch wrote: On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote: The difference is that: a) These all run on the live system they are trying to protect, Unless you configure them to only write to an offline mount point that is normally ro and only rw through external effort

Re: security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
Thanks for the encouragement. I've been looking into it a bit more, and I'm not sure that it would be possible for me to build this by myself, as it would need changes to the debian ftp archive to work. I.e. you would need there to be a retrievable list of filenames and checksums for every pack

Re: security idea - bootable CD to check your system

2007-06-24 Thread Bernhard R. Link
* andy baxter <[EMAIL PROTECTED]> [070624 18:19]: > I've tried using debsums - however it's not really a good check on your > system because the program and the data it's using both come from the > system you are trying to check, so could be compromised. Also, it seems > to miss out many importa

Re: security idea - bootable CD to check your system

2007-06-24 Thread Daniel van Eeden
Andy, Sounds like you're looking for debsums[1]? A CD/DVD is possible but doesn't allow fingerprint updates. I know that certain Sony MemoryStick are equipped with an rw/ro switch. So a cardreader or usb thumbdrive makes it possible to only use 1 medium instead of two and it still has the read-only

Re: security idea - bootable CD to check your system

2007-06-24 Thread Jim Popovitch
On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote: > The difference is that: > > a) These all run on the live system they are trying to protect, Unless you configure them to only write to an offline mount point that is normally ro and only rw through external effort which is in Tripwire's

Re: security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
I've tried using debsums - however it's not really a good check on your system because the program and the data it's using both come from the system you are trying to check, so could be compromised. Also, it seems to miss out many important packages - e.g. here's the standard error output from

Re: security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
The difference is that: a) These all run on the live system they are trying to protect, so in principle they can be neutralised at the same time as the system is attacked, the same as any other binary. E.g. like the way attackers modify system programs like 'find' to hide files they have insta

RE: security idea - bootable CD to check your system

2007-06-24 Thread Felix Windt
Tripwire, integrit and aide all perform something similar to what you described. > -Original Message- > From: andy baxter [mailto:[EMAIL PROTECTED] > Sent: Sunday, June 24, 2007 7:23 AM > To: debian-security@lists.debian.org > Subject: security idea - bootable CD to check your system > >

security idea - bootable CD to check your system

2007-06-24 Thread andy baxter
hello, I am writing to ask what you think of the following idea? Something that I would like to see is a bootable CDROM which can check all the packages on a debian system. My idea is that it would work roughly as follows: - You halt the machine and put in a bootable CD, then reboot. - The ma