Re: Root Kit Protection
I have something like that. Stores several different types
of checksums in mysqldb. Compares various hosts on a network
and even builds scripts to blow away "cruft". Anyone wants
it I'll email a copy. Perl.
cfm
On Wed, Feb 16, 2000 at 04:27:52PM -0800, Brent Fulgham wrote:
> All of this DOS stuff lately has gotten me thinking about security, and
> in particular "root kits".
>
> I was wondering if it might make sense to have a system daemon that checked
> the versions of programs on the system against a "trusted" version table.
> Perhaps this could be something that was built into the "Packages" file
> as an additional data point (MD5 Sum: blah blah blah).
>
> Then a cron job could run weekly/daily/hourly that checked the MD5 sum of
> /bin/sh against the one in the Packages file, libc6, etc. Perhaps Packages
> could be "signed" to avoid tampering.
>
> Does this sound like it might be useful at all? It's roughly the same as
> tripwire or its ilk, but the auditing would be "pre-processed" such that you
> don't have to build the "before" database on your system -- it gets updated
> each time you install/upgrade Debian.
>
> Thanks,
>
> -Brent
--
Christopher F. Miller, Publisher cfm@maine.com
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
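
The check proposed in the quoted message, as an added example that is not part of the original thread and not code from either poster or from Debian: a manifest of trusted checksums is authenticated first, then each listed file is compared against it. Assumptions: SHA-256 is used in place of MD5, an HMAC with a shared key stands in for a real signature on the manifest, and the manifest format (`<hex digest>  <path>`), the key and the file names are constructed for the demo.

```python
import hashlib, hmac, os, tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_manifest(manifest: bytes, tag: str, key: bytes, root: str = "/"):
    """Authenticate the manifest, then compare each listed file under root.

    Returns {path: "ok" | "modified" | "missing"}; raises ValueError if the
    manifest itself fails authentication (it may have been tampered with).
    """
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest authentication failed")
    results = {}
    for line in manifest.decode().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, rel = line.split(None, 1)
        path = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(path):
            results[rel] = "missing"
        elif hmac.compare_digest(file_digest(path), digest.lower()):
            results[rel] = "ok"
        else:
            results[rel] = "modified"
    return results

def demo():
    """Constructed sample: a temp tree standing in for an installed system."""
    key = b"constructed-demo-key"  # assumption: stand-in for a signing key
    names = ("bin/sh", "bin/ls")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name in names:
            with open(os.path.join(root, name), "wb") as f:
                f.write(name.encode() + b" v1")
        lines = [f"{file_digest(os.path.join(root, n))}  {n}" for n in names]
        lines.append(f"{'0' * 64}  bin/ps")  # listed but never installed
        manifest = ("\n".join(lines) + "\n").encode()
        tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
        with open(os.path.join(root, "bin/ls"), "wb") as f:
            f.write(b"ls replaced")  # simulate a swapped binary
        return check_manifest(manifest, tag, key, root)
```

A checker that runs on the host it inspects can be given false results by a kernel-level rootkit, so the comparison is more trustworthy when run from known-good boot media against the mounted disk (the `root` argument).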