Re: dpkg verify mode for security?

1997-06-02 Thread Dirk Eddelbuettel

  Amos> Or an audit-trail of invocations of dpkg (e.g. "adduser 3.1-2
  Amos> installed and configured successfully on Wed May 29 1997 00:00:23,
  Amos> replaced adduser-3.1-0")

  Darren>  I asked for this a while back and was told that not very many
  Darren> people wanted it.  I still think it would be a useful feature...

That exists (almost, as it doesn't log the version number of the replaced
package).

Use the dpkg-mountable package (and dpkg method) and you will have logs:

[EMAIL PROTECTED]:~> zgrep perl /var/log/dpkg-mountable.?.gz
/var/log/dpkg-mountable.2.gz:Package perl-tk has no filename, skipping.
/var/log/dpkg-mountable.2.gz:Installing package libwww-perl version 5.07-1 from /mirror/debian/frozen/binary-i386/interpreters/libwww-perl_5.07-1.deb
/var/log/dpkg-mountable.2.gz:Unpacking libwww-perl (from .../libwww-perl_5.07-1.deb) ...
/var/log/dpkg-mountable.2.gz:Setting up libwww-perl (5.07-1) ...

--
 Sorry for the delay in replying to your email, but I was in Europe for
six days last week and am currently moving into a new place.




--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .



Re: dpkg verify mode for security?

1997-05-22 Thread Vincent Renardias

On 22 May 1997, Darren/Torin/Who Ever... wrote:

> Amos Shapira, in an immanent manifestation of deity, wrote:
> >Or an audit-trail of invocations of dpkg (e.g. "adduser 3.1-2 installed
> >and configured successfully on Wed May 29 1997 00:00:23, replaced
> >adduser-3.1-0")
> 
> I asked for this a while back and was told that not very many people
> wanted it.  I still think it would be a useful feature...

Me too. _(;

--
- ** Linux ** +---+ ** WAW ** -
-  [EMAIL PROTECTED] | RENARDIAS Vincent |  [EMAIL PROTECTED]  -
-  Debian/GNU Linux   +---+  http://www.waw.com/  -
-  http://www.debian.org/   |WAW  (33) 4 91 81 21 45  -
---





Re: dpkg verify mode for security?

1997-05-22 Thread Darren/Torin/Who Ever...

Amos Shapira, in an immanent manifestation of deity, wrote:
>Or an audit-trail of invocations of dpkg (e.g. "adduser 3.1-2 installed
>and configured successfully on Wed May 29 1997 00:00:23, replaced
>adduser-3.1-0")

I asked for this a while back and was told that not very many people
wanted it.  I still think it would be a useful feature...

Darren
-- 
<[EMAIL PROTECTED]>  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Darren Stalder/2608 Second Ave, @282/Seattle, WA 98121-1212/USA/+1-800-921-4996
@ Do you have your clothes on? I probably don't. Take yours off. Feel better. @
@ Sysadmin, webweaver, postmaster for hire.  C/Perl/CGI programmer and tutor. @






Re: dpkg verify mode for security?

1997-05-21 Thread Amos Shapira
Darren/Torin/Who Ever... wrote:
> Actually, as opposed to a security measure, I would've found something
> like this useful as a backup-check measure.
> 
> I had a nasty head-crash last week.  Thankfully, I had recent backups.
> Unfortunately, I had upgraded a number of packages after the latest
> backup.  /usr was hit hard but /var was pretty clean.  So, I had
> restored some old version of files and had no real idea which ones.  I
> figure that eventually, they will all get replaced.  Still, being able
> to write a perl script that tells me which files didn't match the stuff
> in /var/lib/dpkg/info would've been handy.

Or an audit-trail of invocations of dpkg (e.g. "adduser 3.1-2 installed
and configured successfully on Wed May 29 1997 00:00:23, replaced
adduser-3.1-0")

Cheers,

--Amos

--Amos Shapira  | "Of course Australia was marked for
|  glory, for its people had been chosen
[EMAIL PROTECTED]  |  by the finest judges in England."
| -- Anonymous





Re: dpkg verify mode for security?

1997-05-21 Thread Darren/Torin/Who Ever...

Chris Fearnley, in an immanent manifestation of deity, wrote:
>'Amos Shapira wrote:'
>>many "use tripwire" answers, and one which says that RPM has a verify
>>mode which checks for files which were changed since they were
>
>What does the rpm verify give you?  As far as I can tell it gives a
>false sense of security.  Nothing more.  The rpm database is easily
>hacked once root access is attained.

Actually, as opposed to a security measure, I would've found something
like this useful as a backup-check measure.

I had a nasty head-crash last week.  Thankfully, I had recent backups.
Unfortunately, I had upgraded a number of packages after the latest
backup.  /usr was hit hard but /var was pretty clean.  So, I had
restored some old version of files and had no real idea which ones.  I
figure that eventually, they will all get replaced.  Still, being able
to write a perl script that tells me which files didn't match the stuff
in /var/lib/dpkg/info would've been handy.

Darren
-- 
<[EMAIL PROTECTED]>  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Darren Stalder/2608 Second Ave, @282/Seattle, WA 98121-1212/USA/+1-800-921-4996
@ Do you have your clothes on? I probably don't. Take yours off. Feel better. @
@ Sysadmin, webweaver, postmaster for hire.  C/Perl/CGI programmer and tutor. @






Re: dpkg verify mode for security?

1997-05-19 Thread Christoph
And don't forget debmake's debsums command to check the integrity of a
package built with debmake.

On Tue, 13 May 1997, Jim Pick wrote:

> 
> > Hi,
> > 
> > I was asking over Linux-ISP about doing cleanup after breakins and got
> > many "use tripwire" answers, and one which says that RPM has a verify
> > mode which checks for files which were changed since they were
> > installed.  Can the dpkg maintainers consider adding such a feature
> > for Debian?
> > 
> > Cheers,
> > 
> > --Amos
> 
> Check out Klee Diene's dpkgcert package (in experimental).  You might have to
> write to him to find out where to get the certificates that go along
> with it.  It really helped me recover from drive corruption.
> 
> Cheers,
> 
>  - Jim
> 
> 





Re: dpkg verify mode for security?

1997-05-18 Thread Tom Lees
On Thu, 15 May 1997, Chris Fearnley wrote:

> 'Amos Shapira wrote:'
> >
> >I was asking over Linux-ISP about doing cleanup after breakins and got
> >many "use tripwire" answers, and one which says that RPM has a verify
> >mode which checks for files which were changed since they were
> >installed.  Can the dpkg maintainers consider adding such a feature
> >for Debian?
> 
> What does the rpm verify give you?  As far as I can tell it gives a
> false sense of security.  Nothing more.  The rpm database is easily
> hacked once root access is attained.
> 
> Tripwire or something similar is the only viable option.

If the maintainers PGP-sign the verification data, they should be OK
(providing that you keep your PGP keyring on read-only media, like a
Debian CD-ROM). I'm presuming the best way to go is to have PGP-signed
md5sums. Another alternative is to keep a copy of the md5sums on read-only
media (CD-ROM springs to mind), and check against that.

-- 
Tom Lees <[EMAIL PROTECTED]> http://www.lpsg.demon.co.uk/
PGP ID 87D4D065, fingerprint 2A 66 86 9D 02 4D A6 1E  B8 A2 17 9D 4F 9B 89 D6
finger [EMAIL PROTECTED] for full public key (also available on keyservers)
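
The check proposed in the message above (md5sums kept on read-only media and compared with the installed files), which is also the script wished for earlier in the thread, as an added example that is not part of the original posts. It assumes a dpkg-style manifest of "<md5>  <relative path>" lines whose integrity was established separately (read-only copy or verified PGP signature); check_manifest, md5_of, demo and trusted.md5sums are hypothetical names, and the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_of(path):
    """Hex MD5 of a file's contents (MD5 because that is what the manifest holds)."""
    return hashlib.md5(Path(path).read_bytes()).hexdigest()


def check_manifest(manifest, root="/"):
    """Compare files under root with a dpkg-style md5sums manifest.

    Each line is "<md5hex>  <path relative to root>". The manifest is assumed
    to come from read-only media or to have had its PGP signature verified
    already; this function does not do that step.
    """
    result = {"ok": [], "modified": [], "missing": []}
    for line in Path(manifest).read_text().splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        expected, rel = parts
        target = Path(root) / rel.lstrip("/")
        if not target.is_file():
            result["missing"].append(rel)
        elif md5_of(target) != expected.lower():
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo():
    """Constructed sample tree: one file altered, one deleted after recording."""
    files = {"usr/bin/tool": b"v2 binary\n", "usr/lib/libx.so": b"lib\n",
             "usr/share/doc/readme": b"docs\n"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        # Stands in for the manifest kept on CD-ROM (hypothetical file name).
        manifest = root / "trusted.md5sums"
        manifest.write_text("".join(
            f"{hashlib.md5(d).hexdigest()}  {r}\n" for r, d in files.items()))
        (root / "usr/bin/tool").write_bytes(b"v1 binary\n")  # old copy restored
        (root / "usr/share/doc/readme").unlink()
        return check_manifest(manifest, root)
```

Calling demo() returns the three lists for the constructed tree; on a real system the manifest argument would point at the read-only copy and root would stay "/".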





Re: dpkg verify mode for security?

1997-05-17 Thread Amos Shapira
In message <[EMAIL PROTECTED]> you write:
|'Amos Shapira wrote:'
|>
|>I was asking over Linux-ISP about doing cleanup after breakins and got
|>many "use tripwire" answers, and one which says that RPM has a verify
|>mode which checks for files which were changed since they were
|>installed.  Can the dpkg maintainers consider adding such a feature
|>for Debian?
|
|What does the rpm verify give you?  As far as I can tell it gives a
|false sense of security.  Nothing more.  The rpm database is easily
|hacked once root access is attained.
|
|Tripwire or something similar is the only viable option.

You give the answer yourself :-).  What I was thinking about is the
ability to verify files against a database on a non-writeable media
(or fetched from the net).

Someone pointed me to an experimental package called 'dpkgcert', which
seems to do just that.  Look at the experimental directory on
master.debian.org.

Cheers,

--Amos

--Amos Shapira| "Of course Australia was marked for
133 Shlomo Ben-Yosef st.  |  glory, for its people had been chosen
Jerusalem 93 805  |  by the finest judges in England."
ISRAEL [EMAIL PROTECTED] | -- Anonymous





Re: dpkg verify mode for security?

1997-05-15 Thread Chris Fearnley
'Amos Shapira wrote:'
>
>I was asking over Linux-ISP about doing cleanup after breakins and got
>many "use tripwire" answers, and one which says that RPM has a verify
>mode which checks for files which were changed since they were
>installed.  Can the dpkg maintainers consider adding such a feature
>for Debian?

What does the rpm verify give you?  As far as I can tell it gives a
false sense of security.  Nothing more.  The rpm database is easily
hacked once root access is attained.

Tripwire or something similar is the only viable option.

-- 
Christopher J. Fearnley  |  Linux/Internet Consulting
[EMAIL PROTECTED]   |  Design Science Revolutionary
http://www.netaxs.com/~cjf   |  Explorer in Universe
ftp://ftp.netaxs.com/people/cjf  |  "Dare to be Naive" -- Bucky Fuller





Re: dpkg verify mode for security?

1997-05-13 Thread Jim Pick

> Hi,
> 
> I was asking over Linux-ISP about doing cleanup after breakins and got
> many "use tripwire" answers, and one which says that RPM has a verify
> mode which checks for files which were changed since they were
> installed.  Can the dpkg maintainers consider adding such a feature
> for Debian?
> 
> Cheers,
> 
> --Amos

Check out Klee Diene's dpkgcert package (in experimental).  You might have to
write to him to find out where to get the certificates that go along
with it.  It really helped me recover from drive corruption.

Cheers,

 - Jim





dpkg verify mode for security?

1997-05-13 Thread Amos Shapira
Hi,

I was asking over Linux-ISP about doing cleanup after breakins and got
many "use tripwire" answers, and one which says that RPM has a verify
mode which checks for files which were changed since they were
installed.  Can the dpkg maintainers consider adding such a feature
for Debian?

Cheers,

--Amos

--Amos Shapira  | "Of course Australia was marked for
|  glory, for its people had been chosen
[EMAIL PROTECTED]  |  by the finest judges in England."
| -- Anonymous

