[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Root Kit Protection

All of this DOS stuff lately has gotten me thinking about security, and
in particular "root kits".

I was wondering if it might make sense to have a system daemon that checked
the versions of programs on the system against a "trusted" version table.
Perhaps this could be something that was built into the "Packages" file
as an additional data point (MD5 Sum: blah blah blah).

Then a cron job could run weekly/daily/hourly that checked the MD5 sum of
/bin/sh against the one in the Packages file, libc6, etc.  Perhaps Packages
be "signed" to avoid tampering.

Does this sound like it might be useful at all?  It's roughly the same as
tripwire or its ilk, but the auditing would be "pre-processed" such that you
don't have to build the "before" database on your system -- it get's updated
each time you install/upgrade Debian.



Reply to: