Brad Tilley said:
> We run md5sums on all system binaries on our Debian servers and tar the
> actual binaries to a file and then burn everything to CD with other data
> about the server for security reasons. Do any other Debian users do
> this? Is it worth the effort? Is this too paranoid?
>
> Below are the commands we use to do this:
>
> cd /bin
> md5sum * | mail -s "md5sums on pine from bin" [EMAIL PROTECTED]
> tar cvzpf bin.tar.gz && mv bin.tar.gz /root

Depends how much time you have. I prefer to use a more automated solution such as Tripwire or PureSecure (an integrated IDS which I use). Though to date I haven't seriously deployed the file integrity checking tools they offer, it requires a lot of overhead to manage the data. If you only have one server it's not so bad, I have about 30 or so... too much work for me on top of everything else.

And are you only checking /bin? I would be checking a lot more files, especially /etc/* and /lib/*. One thing that would be nice is if there was a Debian package that could automate it for you. I ran SuSE 8's backup tool for the first time not long ago and it had the option of finding all files that were not part of the packages as well as files that had changed since the package was installed (by checking the md5sums). It was really slow (slow laptop), but it seemed to be quite complete. Last I read though, not all Debian packages come with a list of md5sum'd files.

I would recommend an automated solution though over that, so it can alert you to changes. Of course setting up a secure system is kind of difficult. PureSecure logs stuff to a MySQL database (along with Snort events and service monitoring events), so that has a bit more security, but it's far from perfect.

nate
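
As an added example (not code from this thread or from any tool named in it), the sketch below generalizes the manual hashing in the quoted commands to any directory tree and reports changed, missing and new files against a stored baseline. The function names `make_baseline` and `check_baseline` are hypothetical, and `sha256sum` is used in place of `md5sum`.

```shell
#!/bin/sh
# Added example: baseline-and-verify integrity check for a directory tree.
# make_baseline / check_baseline are hypothetical helper names.
# Assumes GNU coreutils sha256sum and file names without newlines or backslashes.

# make_baseline DIR OUT
# Hash every regular file under DIR (staying on one filesystem) and write
# "hash  ./relative/path" lines to OUT, sorted by path.
make_baseline() {
    ( cd "$1" && find . -xdev -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# check_baseline DIR BASELINE
# Re-hash DIR and compare with BASELINE. Prints one line per difference:
#   CHANGED path   hash differs from the baseline
#   NEW path       file exists now but is not in the baseline
#   MISSING path   file is in the baseline but no longer exists
# Returns 0 if nothing differs, 1 if anything does, 2 on setup failure.
check_baseline() {
    cur=$(mktemp) || return 2
    make_baseline "$1" "$cur"
    rc=0
    awk '
        # sha256sum lines: 64 hex digits, two separator characters, then the path
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { base[p] = h; next }      # first file: the baseline
        !(p in base)        { print "NEW " p; bad = 1; next }
        base[p] != h        { print "CHANGED " p; bad = 1 }
                            { seen[p] = 1 }
        END {
            for (p in base)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$cur" || rc=$?
    rm -f "$cur"
    return "$rc"
}

# Typical use (paths are placeholders):
#   make_baseline /bin /mnt/readonly-media/bin.sha256
#   check_baseline /bin /mnt/readonly-media/bin.sha256 || echo "integrity check failed"
```

Keep the baseline on media the monitored host cannot write to, as the original post does by burning it to CD; a baseline stored next to the files it describes can be rewritten along with them.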

