[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Common (basic) security checks for a base installation? (was Re: Security notification script in Perl)



On Tue, Dec 24, 2002 at 11:28:09PM +0000, Steve Kemp wrote:
(...)
> 
>   There will be a Debian package available shortly, in addition
>  to the source.  Requirements are minimal, libcompress-zlib-perl,
>  and libwww-perl - and it worked well enough to spot the updated
>  fetchmail packages a few minutes ago.

Not that I don't like people doing new stuff but why not add this to
proper packages instead of doing new ones?

I have been thinking for some time that we do lack in Debian a "good
enough" local security testing script that can "protect" the system by
doing some basic checks. 

The checksecurity script in the cron package is a good start, but is
clearly not sufficient (and the name is also misleading, see Bug #163813). 
I would like a base system to be able to: 

- do consistency checks for local (critical) configuration files

- do MD5sums checks for installed packages (a.k.a. as debsums, IMHO we
_must_ provide MD5sums for all sums, even if we do have integrity checking
tools [1])

- be able to automatically recover from some critical issues, such as
'base' files being removed from /lib, /usr/lib, /bin... which would turn
the system unusable.

- detect if security updates are available and warn the administrator

This kind of stuff is done already by some other OS (OpenBSD [2] and SuSE
[3] which mimics it). 

I don't want a full-blown system security check, that's what Tiger [4] is
for. But I think we should decide on which security checks should be
considered 'critical' and include them either in the cron package or a new
'base' package (which should probably use cron).

Some other good features:

- lightweight (to avoid system overload). See Bug #31902

- secure (of course :) Maybe it could run as a daemon instead of depending
on cron.

- meaningful (opposite of obscure) That is, anyone should be able to
understand the output and take appropiate measure. This means that all
necesary actions should be documented thoroughly.

- based on already available, and GPLd, security checks (I would like the
base to be Tiger [5], but that is a personal bias, after all I am the
maintainer) 


I'm willing to put some time into this, but I wonder which are the tests
other developers feel are absolutely necessary. We migh need to also
change some of our policies and tools (see bug #132767, I don't agree with
the reasons for closing it BTW, and bug #155799 and bug #155676). Dpkg,
for example, does not store permissions (see bug #34194) and that could be
very useful for system checks (and recover).

Are there people that could contribute time and effort in this issue?
(like patching dpkg to fix the current related bugs or writing the
appropiate checks to include in the cron package).

Regards

Javi


[1] Even if we recommend users to take snapshots: 
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-snapshot
or provide full-blown integrity checking tools:
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-check-integ

[2] OpenBSD's /etc/security available at
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/security?rev=1.54&content-type=text/x-cvsweb-markup

[3] Suse check-security information available at:
http://www.suse.de/~marc/README.seccheck
and
http://www.suse.de/~marc/seccheck-2.0.tar.gz

[4] http://savannah.nongnu.org/projects/tiger/
and 
http://packages.debian.org/tiger

[5] Latest sources available for Linux security checks at:
http://savannah.nongnu.org/cgi-bin/viewcvs/tiger/tiger/systems/Linux/2/
and generic checks at:
http://savannah.nongnu.org/cgi-bin/viewcvs/tiger/tiger/scripts/

Attachment: pgpQA9Kmrqrso.pgp
Description: PGP signature


Reply to: