| 1 |
On Thu, Mar 25, 2004 at 02:06:39AM +0000, Tom Hosiawa wrote: |
| 2 |
> I've used tripwire a little bit, and I'm starting to like it. |
| 3 |
> |
| 4 |
> The biggest problem I see with it, is the default policy is setup for |
| 5 |
> Red Hat, not for Gentoo. I know a Gentoo policy file exists in bugzilla, |
| 6 |
> but I'm thinking of creating a script to generate the policy file based |
| 7 |
> specifically on installed packages in portage. |
| 8 |
> |
| 9 |
> So before I go ahead with this plan, I thought I get some feedback on my |
| 10 |
> ideas. |
| 11 |
> |
| 12 |
> >From playing around with the policy file, I see it groups and |
| 13 |
> categorizes files into different security types and priorities such as |
| 14 |
> critical, suid, config , log, etc. |
| 15 |
> |
| 16 |
> So for every installed package, I would put it into its own group. Than |
| 17 |
> I would assign binary files (/bin, /usr/bin), superuser files (/sbin, |
| 18 |
> /usr/sbin), suid (search for them), config (/etc), log (/var/log) files |
| 19 |
> into their appropriate categories. |
| 20 |
> |
| 21 |
> Finally, providing options to generate it for only system packages with |
| 22 |
> no user input, and individual package selection should be an option. |
| 23 |
> |
| 24 |
> Tom |
| 25 |
> |
| 26 |
Tripwire is nice, but I think a custom-developed solution would be much |
| 27 |
better for Gentoo. Gentoo keeps md5-sums for each package in |
| 28 |
/var/db/pkg/<category>/<package>/CONTENTS. What I would suggest is a |
| 29 |
system whereby we sign these CONTENTS-files with a GPG key. A second |
| 30 |
option would be to create a new file in this same location, specifically |
| 31 |
designed for integrity checking. |
| 32 |
|
| 33 |
Starting with the first option: this should be quite simple to implement. |
| 34 |
Just build a script which signs all the CONTENTS-files with your GPG |
| 35 |
key, and the database is build. Then, for each scan, the md5-sums of the |
| 36 |
files are checked against the real file, and the md5-sum of the |
| 37 |
CONTENTS-file is checked. |
| 38 |
A disadvantage of this approach is that some of the flexibility of the |
| 39 |
Tripwire system is lost. It is no longer possible to assign priorities |
| 40 |
to the different files, or to completely ignore certain files. This is |
| 41 |
where the second option comes in. Here, we are free to assign priorities |
| 42 |
to the individual files. We can also specify which aspects of the file |
| 43 |
should be checked: just the modification times, or the contents. |
| 44 |
|
| 45 |
The major advantage of this integrated system would be that the integrity |
| 46 |
information can be automatically updated if the user installs a new |
| 47 |
package. Normally, with Tripwire, system maintenance is a nuisance. Every |
| 48 |
time a new package is installed, Tripwire will generate false alarms. |
| 49 |
Or, at least, when I used it it did, because I always forgot to update |
| 50 |
the database... |
| 51 |
|
| 52 |
Regards, |
| 53 |
|
| 54 |
Michel Wilson. |
Archives