[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: testing owner files and integrity

it'd be easy to create a couple scripts to do that for you
something along the lines of (there may be errors :)

--- log ownership ---
find / -printf "%u.%g %p" >/var/log/system.owernship
--- end ---

--- restore ownership ---
while true
  do chown $(sed -n ${i}p)
     [ $? -ne 0 ] && exit 0
     let i=i+1
--- end ---

there would obviously be other and more efficient ways of doing this, but
this is just an example..

-----Original Message-----
From: Samu [mailto:samu@mclink.it]
Sent: Monday, April 30, 2001 7:54 AM
To: debian-security@lists.debian.org
Subject: testing owner files and integrity

last night i did a chown -R nobody. / as root.
i tried to establish the right owner of all files, so i start to check
how to do that under debian ( i remembered it was possible under rh) and....
surprise nothing.
so i started to manually changin owner of my files ( with the help of
machine debian too).

it would be good for dpkg packages to have a list of all permission and
of every file you are installing so it's easier to check this kind of
( also it can be helpful to detect trojan  horse ) .

i mean something like aide but implemented on the structure of .deb
would help sysadm to keep the system as debian suggest.
obviously there are some problems about "customization": e.g. someone wants
tcpdump suid root to permit all his user to watch traffic, so it must be
something which can be suppressed (not like on rh ) but the default
configuration should keep the owner/permission as debian suggest .

what do you think about it ?


Samuele Tonon  <samu@mclink.it>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
          	Acid -- better living through chemistry.
			       Timothy Leary

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: