[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)

On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote:
> > A true IDS is needed, such as aide, tripwire, or cfengine to detect
> > post-installation intrusion.  Tie in aide or tripwire database
> > checks/updates with the apt.conf "PostInst" option in addition to a
> > daily cronjon to ensure the database is updated in a timely manner.
> I think this is even more stupid than using *.md5sums. When they are
> daily generated, you have no chance at all to be sure they are not
> modified.

I'm not following your logic, if that's what you call it.  You're saying
that checking the current filesystem on a daily basis is NOT a good way
to verify filesystem integrity?

Update your system when you introduce a known change (a must).  Check it
daily (a must).  What is incorrect about this policy?

Chad Walstrom <chewie@wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */

Attachment: pgpndxa9xt3_1.pgp
Description: PGP signature

Reply to: