[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

System integrity...



Hi all,

I use the "tripwire" package on a number of systems to maintain a bit
of backup against any successful exploits.  However, I was recently
trying to acertain the integrity of a machine that did not have a tripwire
database built from its installation, a process which is nigh on impossible
(the only technique I could try was to build a summary on a different
machine, and use this as a comparison - to at least check binary integrity).

This got me to thinking...currently we keep an MD5 sum of all configuration
files installed on a system, so that we can detect changes in the files
during a system update.  Would it be possible to extend this so that
MD5 signatures were kept for _all_ system binaries?  These sigs would be
included in the package files (or even in a seperate database on a debian
server?) and could be used to verify the integrity of any debian based system.

A program such as cruft could be produced that also verified binary signatures
against those in the original packages - thus highlighting non-debian
binaries without the need of a tripwire database.

Is this possible to achieve given the existing packaging system framework?
Is anyone interested in this idea, or interested in taking it further?


Best regards all,

Chris


-- 

----------------------------------------------------------------------
       As a computer, I find your faith in technology amusing.
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5

Attachment: pgpi3H5AzvRIR.pgp
Description: PGP signature


Reply to: