| 1 |
Bryan Gardiner <bog <at> khumba.net> writes: |
| 2 |
|
| 3 |
|
| 4 |
> On my most recent update, I had some build failures that led me to |
| 5 |
> find that some files on my root partition have been corrupted. |
| 6 |
|
| 7 |
Pretty open ended statement, so here's a few ideas. |
| 8 |
|
| 9 |
|
| 10 |
'eix -cC app-forensics' will give a brief description of tools |
| 11 |
in that app-forensics category, so you can see what you have to |
| 12 |
work with. Other tools exist in other categories. |
| 13 |
|
| 14 |
I'm going to ignore the luks issues so others can chime in on that issue. |
| 15 |
|
| 16 |
|
| 17 |
A while back I ran across app-forensics/AIDE:: |
| 18 |
|
| 19 |
" Typically, a system administrator will create an AIDE database on a new |
| 20 |
system before it is brought onto the network. This first AIDE database is a |
| 21 |
snapshot of the system in it's normal state and the yardstick by which all |
| 22 |
subsequent updates and changes will be measured. " [1] |
| 23 |
|
| 24 |
|
| 25 |
Sounds great as a replacement for tripwire. I have yet to use this, |
| 26 |
but it'll be on my next system. You can use the -fetch option to |
| 27 |
download the fresh version of the packages (assuming you have deleted them |
| 28 |
first) where you suspect corruption and compile/install those again. |
| 29 |
Then set up AIDE? |
| 30 |
|
| 31 |
Sounds like a great idea for an internet facing server. |
| 32 |
|
| 33 |
Once you download those replacement packages, just unplug your ethernet |
| 34 |
until you are prepared to reconnect. |
| 35 |
|
| 36 |
[1] http://aide.sourceforge.net/stable/manual.html |
| 37 |
|
| 38 |
|
| 39 |
hth, |
| 40 |
James |
Archives