security idea - bootable CD to check your system
hello,
I am writing to ask what you think of the following idea? Something that
I would like to see is a bootable CDROM which can check all the packages
on a debian system. My idea is that it would work roughly as follows:
- You halt the machine and put in a bootable CD, then reboot.
- The machine boots from the CD, which is read-only and known to be good.
- It boots into a minimal linux system which will do nothing but the
following:
- ask you whether you are booting for the first or second time.
- Read a floppy or other removable media to find configuration
information for the machine being checked.
- Read the host machine's hard drive to find a list of all installed
packages.
- Connect once to the network to retrieve a list of files and their
checksums for each of these packages from a debian server. This list
could be saved either to a designated partition on the hard drive, or to
removable media.
- Disconnect from the network.
- Reboot itself.
- The second time round, don't connect to the network.
- instead, check all the binaries (and optionally config files) against
the checksums.
- generate some kind of easy to read report on screen, or else save it
to removable media.
Do you think this would work (i.e. be a good check on whether your
system has been compromised), and is it worth doing? I'm not sure if I
have the skills to take on something like this all by myself, but I
would be willing to put some time in to help where I can if anyone else
wants to have a go at it.
Alternatively, if people don't think it's worth your while developing
something like this, where should I start looking to try to put it
together myself, and is there anyone at debian who might be able to help
me?
yours,
andy baxter.
Reply to: