
Re: /boot partition changes when it should not



On Tue, 9 Mar 2010, Clive McBarton wrote:

umount /boot; mount /boot; dd_rescue /dev/sda1 /tmp/boot1;
umount /boot; mount /boot; dd_rescue /dev/sda1 /tmp/boot2;
diff /tmp/boot1 /tmp/boot2

Hi Clive.  I've never used diff to compare binary files.

Is the md5sum of the different files the same?

Result: No change. Hence it does not increment a mount count as long as
it is manually unmounted and remounted while the system is up.

The filesystem sees no distinction between mounting during boot or mounting any other time. It does increment the mount count. I even went and confirmed this on one of my systems. Same situation - ext3 /boot.

Use tune2fs -l <filesystem device> to take a look.

Malicious modifying of files with a disk editor is exactly the undesired
stuff that this whole checksumming is supposed to detect.

Why not just use Aide? It's a path of least resistance IMHO and will produce a better overall result.

To get an absolute, no write, ever, to the device, the OP will need to
figure out how to force read-only permissions on the device /dev/sda1,
across boots.

Phantastic idea! Can it be done? I have not heard about this yet. It
would be great.

Well that's a big topic in itself. I think you'd need to get into mandatory access controls to do this in an effective way.

Cheers,

Rob

--
Email: robert@timetraveller.org
IRC: Solver
Web: http://www.practicalsysadmin.com
Open Source: The revolution that silently changed the world
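As an added example (not code from Clive's or Rob's mails), the two checks discussed in this thread as a POSIX shell script: reading the "Mount count" field from two `tune2fs -l` reports taken before and after a remount to see whether it incremented, and comparing two dumped /boot images by md5sum instead of diff. The field names follow e2fsprogs' `tune2fs -l` output; the two reports and the three small "images" are constructed inline so the script runs without a real device.

```shell
#!/bin/sh
# Added example for this thread (not from the original mails):
# (1) read "Mount count" from two tune2fs -l reports and print the change;
# (2) compare two dumped images by md5sum rather than diff.
# Field names follow e2fsprogs' tune2fs -l; all sample data is constructed.

# Print the value of "Mount count:" from tune2fs -l output read on stdin.
mount_count() {
    awk -F: '/^Mount count:/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Print the value of "Maximum mount count:" (-1 or 0 means the
# fsck-after-N-mounts check is disabled).
max_mount_count() {
    awk -F: '/^Maximum mount count:/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Usage: mount_count_delta BEFORE_REPORT AFTER_REPORT
# Prints (after - before); a mount that updates the superblock shows 1.
mount_count_delta() {
    b=$(mount_count < "$1")
    a=$(mount_count < "$2")
    echo $((a - b))
}

# Usage: mounts_until_fsck REPORT
# Prints how many mounts remain before a forced fsck, or "disabled".
mounts_until_fsck() {
    m=$(max_mount_count < "$1")
    c=$(mount_count < "$1")
    if [ "$m" -le 0 ]; then echo disabled; else echo $((m - c)); fi
}

# Usage: images_identical IMG1 IMG2 -> exit status 0 when md5sums match.
images_identical() {
    h1=$(md5sum < "$1" | cut -d' ' -f1)
    h2=$(md5sum < "$2" | cut -d' ' -f1)
    [ "$h1" = "$h2" ]
}

# --- constructed sample data (not captured from a real system) ---
TMP=${TMPDIR:-/tmp}/bootcheck.$$
mkdir -p "$TMP"
trap 'rm -rf "$TMP"' EXIT

cat > "$TMP/before.txt" <<'EOF'
Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype
Mount count:              17
Maximum mount count:      30
EOF
cat > "$TMP/after.txt" <<'EOF'
Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype
Mount count:              18
Maximum mount count:      30
EOF

# Two byte-identical "images" and one with a single changed byte.
printf 'GRUB\001\002\003vmlinuz' > "$TMP/boot1"
printf 'GRUB\001\002\003vmlinuz' > "$TMP/boot2"
printf 'GRUB\001\002\003vmlinuX' > "$TMP/boot3"

echo "mount count delta: $(mount_count_delta "$TMP/before.txt" "$TMP/after.txt")"
echo "mounts until fsck: $(mounts_until_fsck "$TMP/after.txt")"
if images_identical "$TMP/boot1" "$TMP/boot2"; then echo "boot1 == boot2"; fi
if ! images_identical "$TMP/boot1" "$TMP/boot3"; then echo "boot1 != boot3"; fi
```

On a real system the two reports come from `tune2fs -l /dev/sda1 > before.txt` and again after the umount/mount cycle; a delta of 1 is the superblock write Rob describes, which is why the dumped images differ even when no file under /boot changed.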
