-----Original Message-----
From: andy baxter [mailto:andy@earthsong.free-online.co.uk]
Sent: Sunday, June 24, 2007 7:23 AM
To: debian-security@lists.debian.org
Subject: security idea - bootable CD to check your system

hello,

I am writing to ask what you think of the following idea?

Something that I would like to see is a bootable CDROM which
can check all the packages on a debian system. My idea is
that it would work roughly as follows:

- You halt the machine and put in a bootable CD, then reboot.
- The machine boots from the CD, which is read-only and known
  to be good.
- It boots into a minimal linux system which will do nothing but the
  following:
  - ask you whether you are booting for the first or second time.
  - Read a floppy or other removable media to find
    configuration information for the machine being checked.
  - Read the host machine's hard drive to find a list of all
    installed packages.
  - Connect once to the network to retrieve a list of files and
    their checksums for each of these packages from a debian
    server. This list could be saved either to a designated
    partition on the hard drive, or to removable media.
  - Disconnect from the network.
  - Reboot itself.
  - The second time round, don't connect to the network.
  - instead, check all the binaries (and optionally config
    files) against the checksums.
  - generate some kind of easy to read report on screen, or
    else save it to removable media.

Do you think this would work (i.e. be a good check on whether
your system has been compromised), and is it worth doing? I'm
not sure if I have the skills to take on something like this
all by myself, but I would be willing to put some time in to
help where I can if anyone else wants to have a go at it.

Alternatively, if people don't think it's worth your while
developing something like this, where should I start looking
to try to put it together myself, and is there anyone at
debian who might be able to help me?

yours,
andy baxter.
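
The second-boot check described in the message above, sketched as an added example that is not part of the original post. It assumes the downloaded list uses the `<md5>  <relative path>` line layout of dpkg's md5sums files and that the host disk is mounted under `root`; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def file_md5(path, chunk=1 << 20):
    """Hash in chunks so large binaries need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_manifest(root, manifest_lines):
    """Map each listed path to ok / modified / missing / not-regular."""
    report = {}
    for line in filter(None, (l.rstrip("\n") for l in manifest_lines)):
        expected, rel = line.split(None, 1)
        target = os.path.join(root, rel.lstrip("/"))
        try:
            # lstat, not stat: following a symlink planted on the host disk
            # could hash a file from the CD's own filesystem instead.
            mode = os.lstat(target).st_mode
        except FileNotFoundError:
            report[rel] = "missing"
            continue
        if not stat.S_ISREG(mode):
            report[rel] = "not-regular"
        elif file_md5(target) == expected.lower():
            report[rel] = "ok"
        else:
            report[rel] = "modified"
    return report

def demo():
    """Constructed tree: one intact file, one altered, one symlink, one absent."""
    good = lambda data, rel: hashlib.md5(data).hexdigest() + "  " + rel
    manifest = [good(b"ls v1", "usr/bin/ls"), good(b"ps v1", "usr/bin/ps"),
                good(b"top v1", "usr/bin/top"), good(b"who v1", "usr/bin/who")]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for name, data in (("ls", b"ls v1"), ("ps", b"ps v1 altered")):
            with open(os.path.join(root, "usr/bin", name), "wb") as f:
                f.write(data)
        os.symlink("/bin/sh", os.path.join(root, "usr/bin/top"))
        return check_manifest(root, manifest)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:12} {path}")
```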