Hi all,

I use the "tripwire" package on a number of systems to maintain a bit of backup against any successful exploits. However, I was recently trying to ascertain the integrity of a machine that did not have a tripwire database built from its installation, a process which is nigh on impossible (the only technique I could try was to build a summary on a different machine, and use this as a comparison - to at least check binary integrity).

This got me to thinking... Currently we keep an MD5 sum of all configuration files installed on a system, so that we can detect changes in the files during a system update. Would it be possible to extend this so that MD5 signatures were kept for _all_ system binaries? These sigs would be included in the package files (or even in a separate database on a debian server?) and could be used to verify the integrity of any debian based system. A program such as cruft could be produced that also verified binary signatures against those in the original packages - thus highlighting non-debian binaries without the need of a tripwire database.

Is this possible to achieve given the existing packaging system framework? Is anyone interested in this idea, or interested in taking it further?

Best regards all,

Chris

--
----------------------------------------------------------------------
As a computer, I find your faith in technology amusing.
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key. KeyID 0xA9E087D5
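A checker along the lines Chris proposes, added here as an illustration rather than code from the post or from any Debian tool: it reads a manifest in the two-column "md5 path" layout that dpkg records per package under /var/lib/dpkg/info/<package>.md5sums, hashes the corresponding files under a root directory, and reports each as OK, FAILED (contents changed) or MISSING. The file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse 'md5hex  relative/path' lines into {path: md5hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, path = line.split(None, 1)
        expected[path] = digest.lower()
    return expected


def md5_of_file(path):
    """Stream the file through MD5 so large binaries do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(expected, root):
    """Return {relative_path: 'OK' | 'FAILED' | 'MISSING'} for every manifest entry."""
    results = {}
    for rel, digest in expected.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "MISSING"  # file listed by the package is gone
        elif md5_of_file(full) != digest:
            results[rel] = "FAILED"   # on-disk contents differ from the package
        else:
            results[rel] = "OK"
    return results


def demo():
    """Constructed package tree: one intact binary, one modified, one removed."""
    originals = {"usr/bin/intact": b"#!/bin/sh\necho ok\n",
                 "usr/bin/modified": b"#!/bin/sh\necho original\n",
                 "usr/bin/removed": b"#!/bin/sh\necho gone\n"}
    manifest = "".join("%s  %s\n" % (hashlib.md5(data).hexdigest(), rel)
                       for rel, data in originals.items())
    with tempfile.TemporaryDirectory() as root:
        for rel, data in originals.items():
            if rel == "usr/bin/removed":
                continue                      # simulate a deleted file
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"#!/bin/sh\necho tampered\n" if rel == "usr/bin/modified" else data)
        return verify_manifest(parse_md5sums(manifest), root)
```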