Re: security idea - bootable CD to check your system
Stephan Wehner wrote:
> I'm wondering why you are looking only at debian packages. Should the
> integrity check not be designed to tell you about all software on your
> system?
To be honest, I forgot about this. I'm only running unmodified debian
packages, but I can see that other people might have systems which use
custom compiled software.
> Then:
>
> * Other Linux distributions would also benefit.
> * You get more feedback / input / contributions.
> * Your system is checked more thoroughly.
>
> I have the impression there are projects already, that would do the
> job with some tweaking (tripwire, ..)
>
Maybe, although I can't see how you get round the problem that you need
to update the checksum database every time you install new or updated
software.
andy
> Plus, you might as well bundle the check with a backup-system, since
> you are already looking at your system at rest, and no services are
> running to worry about.
>
> Stephan
>
> On 6/24/07, andy baxter <andy@earthsong.free-online.co.uk> wrote:
>> Jim Popovitch wrote:
>> > On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:
>> >
>> >> The difference is that:
>> >>
>> >> a) These all run on the live system they are trying to protect,
>> >>
>> >
>> > Unless you configure them to only write to an offline mount point that
>> > is normally ro and only rw through external effort.... which is in
>> > Tripwire's best practices.
>> >
>> > -Jim P.
>> >
>> OK, this would work. The problem for me is that it would involve turning
>> the media r/w and updating the database every time I run apt-get to
>> install security updates, which I do once a week. If I was running a
>> large server farm and I was looking after it full time, this would be
>> OK, but my situation is that I have two machines, both for personal use,
>> and I don't want to have to devote my entire life to looking after the
>> security on them. The machines are a laptop for general use, and a
>> server which I use for testing and demonstrating small web-based
>> projects I do for people on a voluntary basis. They are connected to the
>> internet by ADSL, with only the server set to accept incoming
>> connections.
>>
>> The other night, I had my laptop switched on and a sound file I had
>> never heard before played through the speaker (it said 'hello' in
>> someone else's voice). I'm assuming I've been cracked and it was
>> someone's idea of a joke. I've halted the server in case that was their
>> way in, and I'm planning to reinstall both my machines this week, but
>> also looking for a more long term solution which I could put some time
>> into now and save myself and anyone else who wants to use it a lot of
>> trouble in the future.
>>
>> What I'm looking for is a solution where I can do security updates every
>> week, as my first line of defence, but then have a fallback way of
>> detecting intrusions which I could run maybe every month, which doesn't
>> need too much work to keep on top of it once it's been set up. I can
>> probably find ways of improving my security using existing tools, but it
>> occurred to me that the system I described would be a pretty watertight
>> check on whether a system has been cracked, which is what I'm looking
>> for.
>>
>> andy baxter.
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>>
>>
>
>
Received on Sun Jun 24 15:18:33 2007
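
The kind of check discussed in this thread, as an added example that is not code from any of the posters: a system mounted at rest is compared against a checksum manifest kept on read-only media, and files the manifest does not cover (such as locally compiled software) are reported separately. The manifest format (`sha256sum` output) and all function names are assumptions made for this sketch, and the tree it checks is constructed sample data.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(lines):
    """Assumed format: sha256sum output, 'HEX  ./relative/path' per line."""
    pairs = (line.rstrip("\n").partition("  ") for line in lines if line.strip())
    return {os.path.normpath(rel): digest.lower() for digest, _, rel in pairs}

def check_tree(root, expected):
    """Check regular files under a mounted root against the manifest."""
    report = {"modified": [], "missing": [], "unlisted": []}
    seen = set()
    for dirpath, _dirs, names in os.walk(root):  # does not descend into linked dirs
        for name in names:
            full = os.path.join(dirpath, name)
            if not stat.S_ISREG(os.lstat(full).st_mode):
                continue  # a link target would resolve on the rescue system
            rel = os.path.relpath(full, root)
            seen.add(rel)
            if rel not in expected:
                report["unlisted"].append(rel)  # e.g. locally compiled software
            elif sha256_file(full) != expected[rel]:
                report["modified"].append(rel)
    report["missing"] = list(set(expected) - seen)
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: a tiny stand-in for a root mounted from the boot CD."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        clean = {"usr/bin/ls": b"ls v1", "usr/bin/ps": b"ps v1", "usr/bin/top": b"top v1"}
        manifest = [f"{hashlib.sha256(d).hexdigest()}  ./{r}\n" for r, d in clean.items()]
        put("usr/bin/ls", b"ls v1")            # unchanged since the manifest
        put("usr/bin/ps", b"ps replaced")      # differs from the manifest
        put("usr/local/bin/mytool", b"local")  # not covered by the manifest
        os.symlink("/etc/passwd", os.path.join(root, "usr/bin/link"))  # skipped
        return check_tree(root, parse_manifest(manifest))
```

Calling `demo()` returns the report for the constructed tree; for a real check, pass the mount point and the lines of a manifest that the inspected system could not have written to.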