
Re: debcheckroot v1.0 released



Elmar Stellnberger:
> Dear Debian-Security
> 
>   Having just released debcheckroot, I wanna briefly present my new tool to you:
> It was originally designed as a replacement for debsums and has the following qualities:
> * full support of Debian repos reading /etc/[apt/]sources.list to fetch checksums online
> * it can check a Debian installation remotely from any Unix-like system just requiring perl, gzip, bzip2 and tar
> * it does not require a chroot into or any tools of the installation to be checked; 
>   debcheckroot is thus the better choice when it comes to security (chroots may infect the freshly booted system); 
>   The checkroot family of programs has already proven to spot various rootkits not detected by chkrootkit and rkhunter
> * usage of checksums in the package header by default rather than locally stored ones (insecure if not backed up on f.i. a USB stick); fast unpacking on the fly into memory without the creation of temporary files
> * nicely formatted output into files for later analysis
> … and all of that in just 930 lines of code.
> 
> Though debcheckroot is currently still licensed under S-FSL I am ready to re-publish under any license you like
> if you can at least promise me to maintain the necessary support infrastructure for it:
> * sha256sums rather than the somewhat old-fashioned md5sums
> * checksums for all packages in the core distro (some are still missing md5sums)
> i.e. we would have to update debhelper to create shasums in addition to md5sums and enable this for all packages
> 

Here is a wishlist of mine:

- put your code in git source code management

- create a debcheckroot Debian package

- upload that Debian package to official Debian repository (that would
simplify creation of a Live DVD or Live USB with debcheckroot a lot; and
get debcheckroot from a safer location; helps with publicity)

- doesn't debcheckroot perfectly fit with the Debian reproducible team?
They might be interested in helping with packaging and sponsoring the
upload. Please consider getting in touch with them.

Cheers,
Patrick

