JP Vossen on 11 Jul 2007 18:37:51 -0000



Re: [PLUG] rpm -Va using apt = debsums


Date: Tue, 10 Jul 2007 15:52:02 -0400
From: Antony P Joseph <antony@panathara.org>

> tripwire
> http://sourceforge.net/projects/tripwire/

>> [rpm -Va and debsums are] not cryptographically secure, etc.
>> But it's better than nothing, it can be used with no prior preparation (as when you get that phone call from a friend, "Hey, something odd happened..."), and it may be useful if used as an additional *layer* of security.

> The advantages I can see for Tripwire like software are it can include
> any files including modified configuration files which will be obviously
> flagged by debsums or rpm -Va.

I haven't looked into debsums enough to know, but that's not quite true for rpm -Va. It has a number of options so you can ignore certain things, and changes to config files (which are flagged as such in the packaging system) may be ignored. Obviously, ignoring is not the same as verifying, so you've got me there, but you can at least eliminate some known noise.



> You can take security data in a USB drive
> or another system so compromising the system does not affect the
> separately saved security data.

True. But again, my point is that you have to have done all of this ahead of time. *We* in this group may do that. I absolutely guarantee that your typical home or small business user--even the above average ones smart enough to be using Linux, esp. Debian--haven't done it. (They don't have good backups either, but that's another thread.) So when they call you up with a problem, then what? (Yes, I know the only *correct* answer is to rebuild from scratch and restore data backups. Unfortunately, the real world doesn't always work like that.)


But anyway, ideally this is just another layer, not to be depended on.

Thanks,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
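
The noise-reduction idea discussed in this message, as an added example that is not part of the original thread: a small Python triage of `rpm -Va` output that sets aside lines carrying the `c` (config file) marker and surfaces digest mismatches and missing files first. The sample report is constructed, and the bucket names are this example's own.

```python
import re

# One line of `rpm -Va` output: 8 or 9 test flags (or "missing"), an optional
# attribute marker (c config, d doc, g ghost, l license, r readme), then the path.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

# Constructed sample report (not taken from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /bin/ls
.M.......    /usr/bin/passwd
missing      /usr/sbin/lsof
missing   c /etc/motd
.......T.  d /usr/share/doc/bash/README
S.5....T  c /etc/hosts.allow
Unsatisfied dependencies for example-1.0: libexample.so
"""

def triage(report):
    """Sort verify output into buckets, most interesting first.

    The result is only as trustworthy as the rpm database and binaries on the
    host being checked, so treat it as one layer, not as proof of integrity.
    """
    buckets = {"content": [], "missing": [], "config": [], "metadata": [], "unparsed": []}
    for line in report.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if not m:
            buckets["unparsed"].append(line)      # dependency notes, errors
            continue
        flags, attr, path = m.group("flags", "attr", "path")
        if flags == "missing":
            buckets["missing"].append(path)       # never hidden, config or not
        elif attr == "c":
            buckets["config"].append(path)        # known noise: set aside, not verified
        elif "5" in flags or "?" in flags:
            buckets["content"].append(path)       # digest differs or could not be read
        else:
            buckets["metadata"].append(path)      # mode, owner or mtime only
    return buckets

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(f"{name:9} {len(items):2}  {items}")
```
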