
Root Kit Protection



All of this DOS stuff lately has gotten me thinking about security, and
in particular "root kits".

I was wondering if it might make sense to have a system daemon that checked
the versions of programs on the system against a "trusted" version table.
Perhaps this could be something that was built into the "Packages" file
as an additional data point (MD5 Sum: blah blah blah).

Then a cron job could run weekly/daily/hourly that checked the MD5 sum of
/bin/sh against the one in the Packages file, libc6, etc.  Perhaps Packages
could be "signed" to avoid tampering.

Does this sound like it might be useful at all?  It's roughly the same as
tripwire or its ilk, but the auditing would be "pre-processed" such that you
don't have to build the "before" database on your system -- it gets updated
each time you install/upgrade Debian.

Thanks,

-Brent
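
The check proposed in the message above, sketched as an added example that is not part of the original post or of any Debian tool: a table of trusted MD5 sums is compared against the files on disk, and each file is reported as ok, modified or missing. The manifest format ("digest  relative/path" per line, as md5sum prints), the function names and the sample tree are assumptions, and the table is taken as already verified (checking a signature on it is not shown).

```python
import hashlib
import tempfile
from pathlib import Path

def file_md5(path, chunk=65536):
    """Return the hex MD5 digest of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_manifest(text):
    """Parse 'digest  relative/path' lines (assumed format) into a dict."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        table[path] = digest.lower()
    return table

def audit(root, manifest):
    """Compare files under root with the trusted table; return path -> status."""
    report = {}
    for rel, expected in sorted(manifest.items()):
        full = Path(root, rel)
        if not full.is_file():
            report[rel] = "missing"
        else:
            report[rel] = "ok" if file_md5(full) == expected else "modified"
    return report

def demo():
    """Constructed sample: build a tree, record its digests, then change it."""
    with tempfile.TemporaryDirectory() as root:
        files = {"bin/sh": b"shell", "bin/ls": b"ls", "bin/ps": b"ps"}
        Path(root, "bin").mkdir()
        for name, data in files.items():
            Path(root, name).write_bytes(data)
        trusted = "\n".join(f"{file_md5(Path(root, n))}  {n}" for n in files)
        Path(root, "bin/ls").write_bytes(b"altered ls")  # simulate a replaced binary
        Path(root, "bin/ps").unlink()                    # simulate a removed file
        return audit(root, load_manifest(trusted))

if __name__ == "__main__":
    print(demo())
```

Run from cron, the non-"ok" entries of the report are what would be mailed to the administrator; the table and the checker themselves need to live where an intruder with root cannot rewrite them.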