Re: checking system integrity
sounds like Tripwire, which is now apparently available under the GPL:
perhaps your time would be better spent packaging this up to replace the
non-free version below?
bash-2.04$ apt-cache show
Maintainer: Stephen Zander <email@example.com>
Depends: libc6 (>= 2.1)
Description: A file and directory integrity checker.
Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with
system files on a regular (e.g., daily) basis, Tripwire can notify
system administrators of corrupted or tampered files, so damage
control measures can be taken in a timely manner.
On 9 Feb 2001, Brian May wrote:
> Previously there were proposals on this mailing list to check the
> system integrity, by saving the md5sums of files. However, this
> has a number of limitations:
> - no way to ensure md5sum is not altered (unless stored on read-only
> - no way to check symlinks.
> - no way to check other parameters, eg. permissions, and file size
> (people have said just checking the md5sum by itself is not good
> enough, you need to check the size, too).
> So, I have started off by writing Perl scripts that
> a) construct an index file (XML based) that records parameters of the
> file (eg md5sum, size, symlink).
> b) allows signing this file (as many times as required) with gpg. eg.
> you could sign the file on the original computer, securely transfer it
> to another, and sign it with another key there.
> All files are combined into one ar archive.
> So basically I reduce the problem from "has file X changed" to "are
> the public keys correct and the programs used to validate this
> information correct?"
> (note: the signatures could be validated on another computer too, if
> you trust it more).
> Probably the hardest bit is ensuring that the program carries out its
> checks on files correctly. Ideally the program should be statically
> linked in compiled form, so it can be run from read-only floppy disk,
> for instance (currently it is written in Perl).
> Although it works, there are a number of implementation issues I still
> need to fix (eg. rewriting it in C).