On Thu, Mar 25, 2004 at 02:06:39AM +0000, Tom Hosiawa wrote:
> I've used tripwire a little bit, and I'm starting to like it.
>
> The biggest problem I see with it, is the default policy is setup for
> Red Hat, not for Gentoo. I know a Gentoo policy file exists in bugzilla,
> but I'm thinking of creating a script to generate the policy file based
> specifically on installed packages in portage.
>
> So before I go ahead with this plan, I thought I'd get some feedback on my
> ideas.
>
> From playing around with the policy file, I see it groups and
> categorizes files into different security types and priorities such as
> critical, suid, config, log, etc.
>
> So for every installed package, I would put it into its own group. Then
> I would assign binary files (/bin, /usr/bin), superuser files (/sbin,
> /usr/sbin), suid (search for them), config (/etc), log (/var/log) files
> into their appropriate categories.
>
> Finally, providing options to generate it for only system packages with
> no user input, and individual package selection should be an option.
>
> Tom
>
Tripwire is nice, but I think a custom-developed solution would be much
better for Gentoo. Gentoo keeps md5-sums for each package in
/var/db/pkg/<category>/<package>/CONTENTS. What I would suggest is a
system whereby we sign these CONTENTS-files with a GPG key. A second
option would be to create a new file in this same location, specifically
designed for integrity checking.

Starting with the first option: this should be quite simple to implement.
Just build a script which signs all the CONTENTS-files with your GPG
key, and the database is built. Then, for each scan, the md5-sums of the
files are checked against the real file, and the md5-sum of the
CONTENTS-file is checked.
A disadvantage of this approach is that some of the flexibility of the
Tripwire system is lost. It is no longer possible to assign priorities
to the different files, or to completely ignore certain files. This is
where the second option comes in. Here, we are free to assign priorities
to the individual files. We can also specify which aspects of the file
should be checked: just the modification times, or the contents.

The major advantage of this integrated system would be that the integrity
information can be automatically updated if the user installs a new
package. Normally, with Tripwire, system maintenance is a nuisance. Every
time a new package is installed, Tripwire will generate false alarms.
Or, at least, when I used it, it did, because I always forgot to update
the database...

Regards,

Michel Wilson.
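The scan step of the first option, as an added illustration that is not part of the thread and not Gentoo's own code: it parses the CONTENTS format (`obj <path> <md5> <mtime>`, `sym <path> -> <target> <mtime>`, `dir <path>`) and compares each `obj` entry's recorded md5 against the file on disk. The sample CONTENTS text and the scratch directory it is checked against are constructed here; verifying the GPG signature over the CONTENTS file itself is left out, and md5 is used only because that is what portage records in the file.

```python
import hashlib
import os
import tempfile

# Constructed sample in the /var/db/pkg/<category>/<package>/CONTENTS format.
# The md5 for "hello" is the real digest of the bytes b"hello"; the digest
# for "gone" is a placeholder, since that file will be absent on disk.
SAMPLE_CONTENTS = """\
dir /usr/bin
obj /usr/bin/hello 5d41402abc4b2a76b9719d911017c592 1080000000
obj /usr/bin/world 7d793037a0760186574b0282f2f435e7 1080000000
obj /usr/bin/gone 00000000000000000000000000000000 1080000000
sym /usr/bin/hi -> hello 1080000000
"""

def parse_contents(text):
    """Yield (path, md5) for every regular-file ('obj') entry; dirs and symlinks carry no digest."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "obj":
            yield fields[1], fields[2]

def md5_of(path):
    """Stream the file through md5 so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_contents(text, root="/"):
    """Check each 'obj' entry against the file under root.
    Returns {path: 'ok' | 'modified' | 'missing'}."""
    report = {}
    for path, expected in parse_contents(text):
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            report[path] = "missing"
        elif md5_of(real) != expected:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report

def demo():
    """Lay out the sample package in a scratch root, tamper with one file, and scan it."""
    root = tempfile.mkdtemp()
    bindir = os.path.join(root, "usr", "bin")
    os.makedirs(bindir)
    with open(os.path.join(bindir, "hello"), "wb") as f:
        f.write(b"hello")    # matches the recorded md5
    with open(os.path.join(bindir, "world"), "wb") as f:
        f.write(b"world!")   # one byte appended: the recorded md5 no longer matches
    return verify_contents(SAMPLE_CONTENTS, root)
```

Run against a real system the same function takes the text of a package's CONTENTS file and `root="/"`; entries that come back `modified` or `missing` are the ones Tripwire would flag, and a fresh CONTENTS file written by a new install is what lets the database update itself.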