Hi all,
I use the "tripwire" package on a number of systems to maintain a bit
of backup against any successful exploits. However, I was recently
trying to ascertain the integrity of a machine that did not have a tripwire
database built from its installation, a process which is nigh on impossible
(the only technique I could try was to build a summary on a different
machine, and use this as a comparison - to at least check binary integrity).
This got me to thinking... currently we keep an MD5 sum of all configuration
files installed on a system, so that we can detect changes in the files
during a system update. Would it be possible to extend this so that
MD5 signatures were kept for _all_ system binaries? These sigs would be
included in the package files (or even in a separate database on a Debian
server?) and could be used to verify the integrity of any Debian-based system.
A program such as cruft could be produced that also verified binary signatures
against those in the original packages - thus highlighting non-Debian
binaries without the need of a tripwire database.
Is this possible to achieve given the existing packaging system framework?
Is anyone interested in this idea, or interested in taking it further?
Best regards all,
Chris
--
----------------------------------------------------------------------
As a computer, I find your faith in technology amusing.
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key. KeyID 0xA9E087D5
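The check the post proposes, sketched as an added example (not Debian's own tooling, not dpkg's md5sums mechanism, and not code from the poster): a build-side routine that emits md5sum(1)-style lines ("digest  path", or "digest *path" in binary mode) for every file in a package tree, and a verify-side routine that compares the installed tree against that manifest and reports modified, missing and unowned files. The package tree, the manifest and the tampering are all constructed inline so the script runs offline; the hash algorithm is a parameter so the same code works with MD5 (as in the post) or SHA-256.

```python
"""Verify installed files against a per-package digest manifest.

Added example, not Debian tooling. Assumes a manifest in md5sum(1) output
format: "<hexdigest>  <relative path>" per line (text mode) or
"<hexdigest> *<relative path>" (binary mode). All paths and file contents
below are constructed for the demo.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries don't load whole


def file_digest(path, algo="md5"):
    """Hex digest of a file's contents using the named hashlib algorithm."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse md5sum-style lines into {relative_path: hexdigest}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        digest, sep, rest = line.partition(" ")
        # md5sum writes "digest  name" (text) or "digest *name" (binary mode)
        if not sep or not rest or rest[0] not in " *":
            raise ValueError(f"manifest line {lineno}: malformed: {line!r}")
        try:
            int(digest, 16)
        except ValueError:
            raise ValueError(f"manifest line {lineno}: bad digest {digest!r}")
        entries[rest[1:]] = digest.lower()
    return entries


def build_manifest(root, algo="md5"):
    """Package-build side: one manifest line per regular file under root."""
    root = Path(root)
    lines = [f"{file_digest(p, algo)}  {p.relative_to(root).as_posix()}"
             for p in sorted(root.rglob("*")) if p.is_file()]
    return "\n".join(lines) + "\n"


def verify(root, manifest, algo="md5"):
    """Installed-system side: compare files under root with the manifest."""
    root = Path(root)
    report = {"ok": [], "modified": [], "missing": [], "unowned": []}
    for rel, expected in sorted(manifest.items()):
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif file_digest(p, algo) != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    # Files on disk that no manifest claims are the "cruft" the post mentions:
    # binaries not owned by any package.
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest:
            report["unowned"].append(rel)
    return report


def demo():
    """Constructed scenario: clean package tree, then a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr/bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "usr/bin/ls").write_bytes(b"\x7fELF-constructed-ls")
        (root / "usr/bin/ps").write_bytes(b"\x7fELF-constructed-ps")
        (root / "etc/example.conf").write_text("verbose=0\n")
        manifest = parse_manifest(build_manifest(root))
        clean = verify(root, manifest)
        # Simulate what an integrity checker should catch: a replaced binary,
        # a removed file, and a stray binary that came from no package.
        (root / "usr/bin/ps").write_bytes(b"\x7fELF-modified-ps")
        (root / "etc/example.conf").unlink()
        (root / "usr/bin/stray").write_bytes(b"\x7fELF-not-from-any-package")
        dirty = verify(root, manifest)
        return clean, dirty


if __name__ == "__main__":
    before, after = demo()
    print("clean tree:", before)
    print("tampered tree:", after)
```

The report only means something if the manifest is trusted: a digest list stored on the same host can be rewritten along with the binary it describes, which is why the post suggests keeping the reference copy in the package itself or on a Debian server rather than on the machine being checked.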