Ron Johnson wrote:
On 2010-03-09 02:58, thib wrote:
Ron Johnson wrote:
I'd hash each of the files in /boot (storing the results in a thumb
drive if you are paranoid) just before you reboot and then just after.
How would you do it after with an offline system? That would require
to systematically run the machine in a virtualized environment (and
other things); not sure that's worth it.
Put your hashing script/program on the thumb drive then boot from a Live
CD.
Sorry, I meant, how would you run the hashing program before the reboot? I
think it has little value if it's ran by the live system beeing checked.
Sames goes for a check after the actual boot - only a hypervising or
external system should do it.
The only moment I can think of when it would actually be useful is right
before the boot phase, and yes, any live CD/thumb drive would do. I guess
it's kinda overkill though, a boot loader module would maybe be more
appropriate, it's really not a complex task. Well as long as it doesn't
have to do sig analysis anyway - which it probably shouldn't; I suppose it
shouldn't do anything else than raise a red flag, further in-depth analysis
can be done manually after that.
Would you care to share your solution, Clive?
-thib
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4b969873.4030...@stammed.net