
Re: who owns the ports?

On Fri, 9 Feb 2001, Rolf Kutz wrote:

> Wade Richards (wrichard@direct.ca) wrote:
> > I've got a rescue CD with most of the packages on it, and most(*) of
> > those packages include MD5 sums for all the files.
> > 
> > There should be a way to, after booting up on my rescue CD, check all
> > my files against the MD5 checksums on the CD (ignoring the conffiles,
> > of course).
> Tripwire
> > Better yet, for the packages that are not on my CD, it could get the
> > MD5s from the FTP archive.
> > 
> > Does anyone know of such a feature already in the rescue disks?
> No, but you can do it with tripwire.

Yes. Simple rules of thumb:

1) use a clean rescue CD to boot from it (to be safe from rootkits).
always do a cold boot (from power off state), just in case

2) use the tripwire binary from the CD to build a database of
signatures of the important files on your computer and store it on
a floppy (it will usually fit, if you compress it)

3) from time to time, or if you suspect a compromise, boot again from the
CD and check the integrity of the files against the signatures on your

4) NEVER EVER rewrite your database (or insert the floppy disk containing
it write enabled) on an untrusted host



Giacomo Mulas <gmulas@ca.astro.it, gmulas@tiscalinet.it>

Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222

"When the storms are raging around you, stay right where you are"
                         (Freddie Mercury)
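
The build-then-check procedure in steps 2 and 3, as an added example that is not part of the original message and is not tripwire itself: it substitutes a SHA-256 manifest made with GNU `find`, `sort -z`, `xargs`, `sha256sum` and `awk` run from the trusted boot media. The function names, the `init`/`check` subcommands and the paths in the usage comment are assumptions; `check_db` only reads the database, so the media holding it can stay write-protected as step 4 requires.

```shell
#!/bin/sh
# Added example: hash-manifest stand-in for the tripwire workflow (not tripwire itself).
# Assumes GNU coreutils/findutils and awk on the trusted boot media.
# Usage (hypothetical paths):
#   sh integrity.sh init  /mnt/target/usr /mnt/floppy/usr.db
#   sh integrity.sh check /mnt/target/usr /mnt/floppy/usr.db

# build_db ROOT DB: hash every regular file under ROOT (paths relative to ROOT).
# DB must live outside ROOT. Names containing newlines or backslashes are not handled.
build_db() {
    ( cd "$1" && find . -xdev -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum ) > "$2"
}

# check_db ROOT DB: re-hash ROOT and compare with DB, which is only read.
# Prints MODIFIED/MISSING/NEW lines; returns 0 if clean, 1 on any difference.
check_db() {
    now=$(mktemp) || return 2
    build_db "$1" "$now"
    report=$(awk '
        # sha256sum lines: 64 hex digits, two separator characters, then the path
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); h = substr($0, 1, 64)
            if (!(p in old)) print "NEW " p
            else { if (old[p] != h) print "MODIFIED " p; delete old[p] }
        }
        END { for (p in old) print "MISSING " p }
    ' "$2" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

case "${1:-}" in
    init)  build_db "$2" "$3" ;;
    check) check_db "$2" "$3" ;;
esac
```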
