On Tue, Dec 24, 2002 at 11:28:09PM +0000, Steve Kemp wrote:
(...)
>
> There will be a Debian package available shortly, in addition
> to the source. Requirements are minimal, libcompress-zlib-perl,
> and libwww-perl - and it worked well enough to spot the updated
> fetchmail packages a few minutes ago.

Not that I don't like people doing new stuff but why not add this to proper packages instead of doing new ones?

I have been thinking for some time that we do lack in Debian a "good enough" local security testing script that can "protect" the system by doing some basic checks. The checksecurity script in the cron package is a good start, but is clearly not sufficient (and the name is also misleading, see Bug #163813).

I would like a base system to be able to:

- do consistency checks for local (critical) configuration files
- do MD5sums checks for installed packages (a.k.a. as debsums, IMHO we _must_ provide MD5sums for all sums, even if we do have integrity checking tools [1])
- be able to automatically recover from some critical issues, such as 'base' files being removed from /lib, /usr/lib, /bin... which would turn the system unusable.
- detect if security updates are available and warn the administrator

This kind of stuff is done already by some other OS (OpenBSD [2] and SuSE [3] which mimics it). I don't want a full-blown system security check, that's what Tiger [4] is for. But I think we should decide on which security checks should be considered 'critical' and include them either in the cron package or a new 'base' package (which should probably use cron).

Some other good features:

- lightweight (to avoid system overload). See Bug #31902
- secure (of course :) Maybe it could run as a daemon instead of depending on cron.
- meaningful (opposite of obscure). That is, anyone should be able to understand the output and take appropriate measures. This means that all necessary actions should be documented thoroughly.
- based on already available, and GPLd, security checks (I would like the base to be Tiger [5], but that is a personal bias, after all I am the maintainer)

I'm willing to put some time into this, but I wonder which are the tests other developers feel are absolutely necessary. We might also need to change some of our policies and tools (see bug #132767, I don't agree with the reasons for closing it BTW, and bug #155799 and bug #155676). Dpkg, for example, does not store permissions (see bug #34194) and that could be very useful for system checks (and recovery).

Are there people that could contribute time and effort in this issue? (like patching dpkg to fix the current related bugs or writing the appropriate checks to include in the cron package).

Regards

Javi

[1] Even if we recommend users to take snapshots:
    http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-snapshot
    or provide full-blown integrity checking tools:
    http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-check-integ
[2] OpenBSD's /etc/security available at
    http://www.openbsd.org/cgi-bin/cvsweb/src/etc/security?rev=1.54&content-type=text/x-cvsweb-markup
[3] Suse check-security information available at:
    http://www.suse.de/~marc/README.seccheck and
    http://www.suse.de/~marc/seccheck-2.0.tar.gz
[4] http://savannah.nongnu.org/projects/tiger/ and
    http://packages.debian.org/tiger
[5] Latest sources available for Linux security checks at:
    http://savannah.nongnu.org/cgi-bin/viewcvs/tiger/tiger/systems/Linux/2/
    and generic checks at:
    http://savannah.nongnu.org/cgi-bin/viewcvs/tiger/tiger/scripts/
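The MD5sums check and the "base files removed" case from the list in the message above, as an added example that is not part of the original post and is not code from debsums, checksecurity or Tiger. It assumes the dpkg md5sums list format (one `<md5 hex>  <path relative to the root>` entry per line); the file names and contents in `demo()` are constructed, and `check_package` and `demo` are hypothetical names.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg-style md5sums lines: '<32 hex digits>  <path relative to />'."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)   # path may itself contain spaces
        entries.append((digest.lower(), path.strip()))
    return entries

def md5_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_package(md5sums_text, root="/"):
    """Return {'missing': [...], 'changed': [...]} for one package's file list."""
    report = {"missing": [], "changed": []}
    for digest, rel in parse_md5sums(md5sums_text):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)    # candidate for automatic recovery
        elif md5_of(full) != digest:
            report["changed"].append(rel)    # content differs from the recorded sum
    return report

def demo():
    """Constructed sample: a fake root with one intact, one altered, one deleted file."""
    with tempfile.TemporaryDirectory() as root:
        files = {"bin/ls": b"ls-binary", "lib/libc.so.6": b"libc", "usr/bin/id": b"id"}
        lines = []
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")
        with open(os.path.join(root, "usr/bin/id"), "wb") as fh:
            fh.write(b"tampered")                      # simulate a modified binary
        os.remove(os.path.join(root, "lib/libc.so.6"))  # simulate a removed base file
        return check_package("\n".join(lines), root)

if __name__ == "__main__":
    print(demo())
```

On a Debian system the per-package lists live in `/var/lib/dpkg/info/<package>.md5sums`. A list stored on the same disk as the files it describes catches accidental damage, not someone who can rewrite the list as well.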