[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg verify mode for security?



In message <199705152051.QAA25764@unix3.netaxs.com> you write:
|'Amos Shapira wrote:'
|>
|>I was asking over Linux-ISP about doing cleanup after breakins and got
|>many "use tripwire" answers, and one which says that RPM has a verify
|>mode which checks for files which were changed since they were
|>installed.  Can the dpkg maintainers consider adding such a feature
|>for Debian?
|
|What does the rpm verify give you?  As far as I can tell it gives a
|false sense of security.  Nothing more.  The rpm database is easily
|hacked once root access is attained.
|
|Tripwire or something similar is the only viable option.

You give the answer yourself :-).  What I was thinking about is the
ability to verify files against a database on a non-writeable media
(or fetched from the net).

Someone pointed me to an experimental package called 'dpkgcert', which
seems to do just that.  Look at the experimental directory on
master.debian.org.

Cheers,

--Amos

--Amos Shapira                    | "Of course Australia was marked for
133 Shlomo Ben-Yosef st.          |  glory, for its people had been chosen
Jerusalem 93 805                  |  by the finest judges in England."
ISRAEL             amos@dsi.co.il |                     -- Anonymous


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .


Reply to: