
Re: security idea - bootable CD to check your system



I'm wondering why you are looking only at Debian packages. Should the
integrity check not be designed to tell you about all software on your
system?

Then:

* Other Linux distributions would also benefit.
* You get more feedback / input / contributions.
* Your system is checked more thoroughly.

I have the impression there are projects already that would do the
job with some tweaking (tripwire, ..)

Plus, you might as well bundle the check with a backup-system, since
you are already looking at your system at rest, and no services are
running to worry about.

Stephan

On 6/24/07, andy baxter <andy@earthsong.free-online.co.uk> wrote:
Jim Popovitch wrote:
> On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:
>
>> The difference is that:
>>
>> a) These all run on the live system they are trying to protect,
>>
>
> Unless you configure them to only write to an offline mount point that
> is normally ro and only rw through external effort.... which is in
> Tripwire's best practices.
>
> -Jim P.
>
OK, this would work. The problem for me is that it would involve turning
the media r/w and updating the database every time I run apt-get to
install security updates, which I do once a week. If I was running a
large server farm and I was looking after it full time, this would be
OK, but my situation is that I have two machines, both for personal use,
and I don't want to have to devote my entire life to looking after the
security on them. The machines are a laptop for general use, and a
server which I use for testing and demonstrating small web-based
projects I do for people on a voluntary basis. They are connected to the
internet by ADSL, with only the server set to accept incoming connections.

The other night, I had my laptop switched on and a sound file I had
never heard before played through the speaker (it said 'hello' in
someone else's voice). I'm assuming I've been cracked and it was
someone's idea of a joke. I've halted the server in case that was their
way in, and I'm planning to reinstall both my machines this week, but
also looking for a more long term solution which I could put some time
into now and save myself and anyone else who wants to use it a lot of
trouble in the future.

What I'm looking for is a solution where I can do security updates every
week, as my first line of defence, but then have a fallback way of
detecting intrusions which I could run maybe every month, which doesn't
need too much work to keep on top of it once it's been set up. I can
probably find ways of improving my security using existing tools, but it
occurred to me that the system I described would be a pretty watertight
check on whether a system has been cracked, which is what I'm looking for.

andy baxter.


--
Stephan Wehner

-> http://stephan.sugarmotor.org
-> http://www.thrackle.org
-> http://www.buckmaster.ca
-> http://www.trafficlife.com
-> http://stephansmap.org


