Bryan Gardiner <bog <at> khumba.net> writes:

> On my most recent update, I had some build failures that led me to
> find that some files on my root partition have been corrupted.

Pretty open ended statement, so here's a few ideas.

'eix -cC app-forensics' will give a brief description of tools
in that app-forensics category, so you can see what you have to
work with. Other tools exist in other categories.

I'm going to ignore the luks issues so others can chime in on that issue.

A while back I ran across app-forensics/AIDE::

"Typically, a system administrator will create an AIDE database on a new
system before it is brought onto the network. This first AIDE database is a
snapshot of the system in its normal state and the yardstick by which all
subsequent updates and changes will be measured." [1]

Sounds great as a replacement for tripwire. I have yet to use this,
but it'll be on my next system. You can use the -fetch option to
download the fresh version of the packages (assuming you have deleted them
first) where you suspect corruption and compile/install those again.
Then set up AIDE?

Sounds like a great idea for an internet facing server.

Once you download those replacement packages, just unplug your ethernet
until you are prepared to reconnect.

[1] http://aide.sourceforge.net/stable/manual.html

hth,
James
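
The baseline-and-compare model in the AIDE description quoted in the message above, as an added example (not part of the original message and not AIDE's own code): it records SHA-256 hashes of a tree and later reports added, changed and removed files. The function names and the sample tree are constructed for illustration, and GNU `sha256sum` is assumed.

```sh
#!/bin/sh
# Added illustration of the baseline-then-compare model; this is not AIDE.
# Only SHA-256 of regular-file contents is tracked (no modes, owners, times).
# Paths containing newlines or backslashes are not handled.

# snapshot DIR DB: write "hash  ./path" for every regular file under DIR.
# Keep DB outside DIR, ideally on read-only or offline media.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# compare DIR DB: print added/changed/removed paths relative to the baseline.
# Returns 0 when the tree matches the baseline, 1 when it differs.
compare() {
    cur=$(mktemp) || return 2
    snapshot "$1" "$cur"
    report=$(awk '
        { hash = $1; path = substr($0, length($1) + 3) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        !(path in base)     { print "added " path; next }
        base[path] != hash  { print "changed " path }
                            { delete base[path] }
        END { for (path in base) print "removed " path }
    ' "$2" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree with one corrupted, one deleted, one new file.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/root/bin" "$t/root/etc"
    printf 'ELF-ish bytes\n' > "$t/root/bin/tool"
    printf 'setting=1\n' > "$t/root/etc/app.conf"
    printf 'keep\n' > "$t/root/etc/motd"
    snapshot "$t/root" "$t/baseline.db"
    printf 'ELF-ish bytEs\n' > "$t/root/bin/tool"   # simulated corruption
    rm "$t/root/etc/app.conf"
    printf 'new\n' > "$t/root/etc/extra file"
    rc=0; compare "$t/root" "$t/baseline.db" || rc=$?
    rm -rf "$t"
    return "$rc"
}

case "${1:-}" in demo) demo ;; esac
```

A baseline taken after corruption has already occurred only records the corrupted state, which is why the quoted description has the snapshot made on a new system.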