Re: security idea - bootable CD to check your system

• andy baxter <andy@earthsong.free-online.co.uk> [070624 19:49]:
  > Thanks for the encouragement. I've been looking into it a bit more, and
  > I'm not sure that it would be possible for me to build this by myself,
  > as it would need changes to the debian ftp archive to work. I.e. you
  > would need there to be a retrievable list of filenames and checksums for
  > every package in the debian 'pool' archive, which doesn't exist at
  > present. E.g. for every '.deb' file, there would be a '.deb.sums' file
  > in the same directory.
  

This is not needed. The only thing that is needed is some serer having them. And while this is low profile anyone would do. Ideally everything within a stable release was already within the image, so there is no need to activate the network. Once this eats enough bandwith to be a problem that means it is that much widespread that there should be no problem to get it into Debian.

> You could avoid the problem of people adding files by also generating a
> list of all the files in certain directories (/bin, /lib, /usr) which
> don't match an installed package. This list should hopefully be small
> and manageable enough that someone could scan through it quickly to see
> if anything odd has changed

I don't think limiting to so few paths is enough. A little and hard to spot modification in any init script or other programs config or data files can cause something hidden elsewhere being executed. And decifing if things are odd or not needs quite some experience. And of course a single suid binary in a non-standard path called in one user's init script also suffices to make to whole searching vain when not found.

Hochachtungsvoll,

        Bernhard R. Link

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org