Contrasting BSIGN and TRIPWIRE

I found tripwire...already in Debian %^). You gotta love Debian.
Their stated goals intersect with bsign. AFAICT, bsign is infinitely
simpler. The signatures are stored in each file. The scan for file
changes can be done with a simple script--I'll be writing a version of
one for the package. Tripwire supports any file type. Bsign will
support ELF and any text file that has a comment prefix, which should
suffice. Tripwire has a license that prevents it from being free.
Bsign is GPL.

If there is support among Debian developers, I think we could use this
to sign all of our executables, libraries, and kernel modules.

My next project is to implement version control for system
configuration files. This can integrate with bsign, too, in that the
administrator can sign (bless) the edited config files as part of the
standard process. If someone is really paranoid, he can use a
smartcard for signature generation and/or an NFS mount of the system
being administered to isolate encryption from a vulnerable system.
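
The in-file signature and scan-script idea described in the message above, as an added sketch that is not part of the original post and is not bsign's code or file format. Assumptions: the `demo-sig:` trailer, the function names and the key are constructed for illustration, and an HMAC-SHA256 stands in for a real digital signature.

```python
import hashlib, hmac, os, tempfile

TAG = b"demo-sig:"  # constructed trailer marker, NOT bsign's real on-disk format

def mac(key, body):
    # HMAC-SHA256 stands in for a real digital signature in this sketch.
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def split(path, prefix=b"#"):
    """Return (body, stored_mac or None); the trailer must be the last line."""
    with open(path, "rb") as f:
        lines = f.read().splitlines(keepends=True)
    marker = prefix + b" " + TAG + b" "
    if lines and lines[-1].startswith(marker):
        return b"".join(lines[:-1]), lines[-1][len(marker):].strip()
    return b"".join(lines), None

def sign(path, key, prefix=b"#"):
    """Append (or replace) a comment-line trailer holding the MAC of the body."""
    body, _ = split(path, prefix)
    if body and not body.endswith(b"\n"):
        body += b"\n"  # keep the trailer on its own line
    with open(path, "wb") as f:
        f.write(body + prefix + b" " + TAG + b" " + mac(key, body) + b"\n")

def check(path, key, prefix=b"#"):
    body, stored = split(path, prefix)
    if stored is None:
        return "unsigned"
    return "ok" if hmac.compare_digest(stored, mac(key, body)) else "MODIFIED"

def scan(root, key):
    """Walk a tree and report the state of every file under it."""
    return {os.path.relpath(os.path.join(d, n), root): check(os.path.join(d, n), key)
            for d, _, names in os.walk(root) for n in names}

def demo():
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        for name, text in [("a.conf", "port 22\n"), ("b.conf", "umask 027"), ("c.conf", "x\n")]:
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        sign(os.path.join(root, "a.conf"), key)
        sign(os.path.join(root, "b.conf"), key)
        with open(os.path.join(root, "b.conf"), "r+b") as f:  # edit after signing
            f.write(b"umask 000")
        return scan(root, key)

if __name__ == "__main__":
    print(demo())
```

A file whose trailer has been stripped reports as `unsigned` rather than `MODIFIED`, so a scan over files that are expected to be signed has to treat `unsigned` as a finding too.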