Ron Johnson wrote:
On 2010-03-09 02:58, thib wrote:Ron Johnson wrote:I'd hash each of the files in /boot (storing the results in a thumb drive if you are paranoid) just before you reboot and then just after.How would you do it after with an offline system? That would require to systematically run the machine in a virtualized environment (and other things); not sure that's worth it.Put your hashing script/program on the thumb drive then boot from a Live CD.
Sorry, I meant, how would you run the hashing program before the reboot? I think it has little value if it's ran by the live system beeing checked. Sames goes for a check after the actual boot - only a hypervising or external system should do it.
The only moment I can think of when it would actually be useful is right before the boot phase, and yes, any live CD/thumb drive would do. I guess it's kinda overkill though, a boot loader module would maybe be more appropriate, it's really not a complex task. Well as long as it doesn't have to do sig analysis anyway - which it probably shouldn't; I suppose it shouldn't do anything else than raise a red flag, further in-depth analysis can be done manually after that.
Would you care to share your solution, Clive? -thib