Re: security idea - bootable CD to check your system
Stephan Wehner wrote:
>> > I have the impression there are projects already, that would do the
>> > job with some tweaking (tripwire, ..)
>> >
>> Maybe, although I can't see how you get round the problem that you need
>> to update the checksum database every time you install new or updated
>> software.
>
> Ok, I see your problem: you want some other source, not your system,
> to hold the values (checksums) that ensure integrity. But you do not
> mind that it is online (not available when your system is not
> connected to the Internet)
>
> So when you run a security-check, and new software has been added, you
> might as well define a route to a place to hold the
> newly-to-be-calculated checksums (CD-ROM/USB stick, outside server
> where you can post/read, gmail-filesystem, etc).
>
The idea of doing it this way was that you can run a check at any time
without having to keep updating the checksum database yourself, because
it's automatically updated online whenever a new package comes out.
> A worthwhile ambition, where I still feel it'll be as hard to make it
> debian-only as not. Another point is that configuration files play a
> big part in the security of your system and a debian-only package
> checksum will not be able to capture the state of locally changed
> configurations. For example if your fstab says "mount this partition
> read-only" then you would like to be notified by your check if that
> has been changed (maliciously).
From what you and other people have said, I'm realising that running a
secure system isn't as simple as I had thought at first. What I'm
thinking of doing is putting this idea to the back of my mind for a
while, and meanwhile concentrating on learning how to secure my network
better with the existing tools. Hopefully, once I've got some experience
with this, then I'll be able to see a bit better how far the process can
be automated.
Thanks to everyone who has replied for your time.
andy baxter.
>
>> >> andy
>> > Plus, you might as well bundle the check with a backup-system, since
>> > you are already looking at your system at rest, and no services are
>> > running to worry about.
>> >
>> > Stephan
>> >
>> > On 6/24/07, andy baxter <andy@earthsong.free-online.co.uk> wrote:
>> >> Jim Popovitch wrote:
>> >> > On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:
>> >> >
>> >> >> The difference is that:
>> >> >>
>> >> >> a) These all run on the live system they are trying to protect,
>> >> >>
>> >> >
>> >> > Unless you configure them to only write to an offline mount point that
>> >> > is normally ro and only rw through external effort.... which is in
>> >> > Tripwire's best practices.
>> >> >
>> >> > -Jim P.
>> >> >
>> >> OK, this would work. The problem for me is that it would involve turning
>> >> the media r/w and updating the database every time I run apt-get to
>> >> install security updates, which I do once a week. If I was running a
>> >> large server farm and I was looking after it full time, this would be
>> >> OK, but my situation is that I have two machines, both for personal use,
>> >> and I don't want to have to devote my entire life to looking after the
>> >> security on them. The machines are a laptop for general use, and a
>> >> server which I use for testing and demonstrating small web-based
>> >> projects I do for people on a voluntary basis. They are connected to the
>> >> internet by ADSL, with only the server set to accept incoming
>> >> connections.
>> >>
>> >> The other night, I had my laptop switched on and a sound file I had
>> >> never heard before played through the speaker (it said 'hello' in
>> >> someone else's voice). I'm assuming I've been cracked and it was
>> >> someone's idea of a joke. I've halted the server in case that was their
>> >> way in, and I'm planning to reinstall both my machines this week, but
>> >> also looking for a more long term solution which I could put some time
>> >> into now and save myself and anyone else who wants to use it a lot of
>> >> trouble in the future.
>> >>
>> >> What I'm looking for is a solution where I can do security updates every
>> >> week, as my first line of defence, but then have a fallback way of
>> >> detecting intrusions which I could run maybe every month, which doesn't
>> >> need too much work to keep on top of it once it's been set up. I can
>> >> probably find ways of improving my security using existing tools, but it
>> >> occurred to me that the system I described would be a pretty watertight
>> >> check on whether a system has been cracked, which is what I'm looking
>> >> for.
>> >>
>> >> andy baxter.
>
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
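As an added illustration (not code from the thread or from any of its participants), the two checks the thread discusses: verifying files under a root mounted from a rescue CD against package checksum lists, and confirming that a locally chosen fstab setting such as read-only on a partition is still in place. It assumes the checksum lists use dpkg's `<md5>  <relative path>` line format; every path, file content and fstab line below is constructed for the demo.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg-style .md5sums lines: '<md5>  <path relative to />'."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path.strip()] = digest.lower()
    return entries


def verify_tree(root, entries):
    """Hash each listed file under the (offline) mounted root: 'ok', 'modified' or 'missing'."""
    report = {}
    for rel, expected in entries.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "missing"
            continue
        with open(full, "rb") as fh:
            actual = hashlib.md5(fh.read()).hexdigest()
        report[rel] = "ok" if actual == expected else "modified"
    return report


def fstab_options(fstab_text, mountpoint):
    """Return the mount option set recorded for mountpoint, or None if it is absent."""
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1] == mountpoint:
            return set(fields[3].split(","))
    return None


def demo():
    """Constructed sample: a two-file package list, one tampered file, one fstab check."""
    root = tempfile.mkdtemp()
    files = {"bin/true": b"#!/bin/sh\nexit 0\n", "bin/false": b"#!/bin/sh\nexit 1\n"}
    for rel, data in files.items():
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    md5sums = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in files.items())
    md5sums += "0" * 32 + "  sbin/gone\n"  # listed by the package but absent on disk
    with open(os.path.join(root, "bin/false"), "ab") as fh:
        fh.write(b"echo tampered\n")  # simulate an altered binary
    fstab = "/dev/sda2  /boot  ext3  ro,noexec  0  2\n"  # constructed fstab line
    return verify_tree(root, parse_md5sums(md5sums)), fstab_options(fstab, "/boot")
```

Run from the rescue environment with the real root mounted read-only at `root`; a "modified" or "missing" entry, or an fstab option set that has lost "ro", is the notification the thread asks for.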
Received on Sun Jun 24 16:37:06 2007