[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

securing/monitoring Debian devel environment

Dear Debian Comrades,

I can take blame if I am the only one who is somewhat jeopardizing our
project by relying solely on his own eyes, fingers, GIT, belief in a
good will of upstream developers, and moreover trust in the security of
the upstream developers systems and their repositories.

But I guess, I am more of a typical Debian contributor, who develops
Debian contributions on the same system where sensitive keys (SSH, GPG)
are kept and even more -- ssh/gpg-agents are running from time to time.
I do inspect upstream code, and I do check on good intentions of
upstream developers; but I am not relying on some automated (thus
objective) way to assure that my system does not get jeopardized while
the package is being built (in my account or may be as root under
pbuilder) or tested.

If upstream code, for some reason, contained malicious code which
would set up a backdoor or simply perform some malicious actions
targeting Debian servers/uploads, it would be unfortunately possible for
it to take advantage of my system having access to debian infrastructure
(may be not right away, since keys would not be loaded atm and I do use
passphrases; but at a later point after injection of the malicious
script). The only way to completely prevent that would be to develop and
build packages in a completely isolated (virtual machine) environment
with good monitoring/reporting facilities if some abnormal actions
(unwarranted access to the network, creation/editing/adding files
outside of the build-tree) have happened.

So, I wondered what available software solutions other Debian
contributors might be already using to assure the security of their
systems while working on the upstream code
(building/packaging/running). (just to make clear, sanitising the
environment by debuild is not enough)

May be there is a lightweight utility which could be used for
monitoring, e.g. it would report suspicious actions being taken from
within a monitored environment?  e.g., it would

* sanitize environment variables
* monitor open/socket/... syscalls and report abnormal activities
  (e.g. opening network connection, writing to a file outside of
  build-tree,/tmp/, etc)
* provide a summary at the end on the invoked actions by the target

I guess a possible solution which would not only monitor but
guarantee would be SELinux, but I am afraid it might be somewhat
cumbersome to setup policies across the variety of packages I maintain.
So I just wanted to monitor to start with.

Any recommendations on existing solutions/setups would be really welcome

Yours truly,
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic

Attachment: signature.asc
Description: Digital signature

Reply to: