On Sunday, November 6, 2016 at 9:27:04 PM UTC-5, David Renz wrote:
> Hello everyone,
>
> currently I don't have QubesOS installed unfortunately, so I can't check this
> by myself, and it might take some time until I'll be able to install it,
> therefore I'm asking about this on the list:
>
> I think that AIDE is the most sophisticated tool for checking file system
> integrity (and I believe that this approach might be one of the best in order
> to see whether a system got compromised or not), but obviously it could
> render this approach useless, if one would first have to go online after
> having installed QubesOS and then AIDE from a Repo, which might be
> compromised. Therefore my question: Is AIDE included in the Fedora
> installation iso, so that those security issues could be circumvented?
>
> By the way, doing so should not only be done before going online for the
> first time, but already before the system restarts after its installation
> (because otherwise ACPI or other firmware code might compromise the system
> during the first boot process).
>
> If it's not included in the installation iso, then I'd strongly suggest that
> it should be added. (The second best solution would be to download it and
> pray that this download is not compromised (probably I don't need to mention
> that there are various ways to compromise this download without someone being
> able to notice that), but actually that doesn't even sound like a 'second
> best', but a rather careless approach.)
>
> Maybe manually hashing files by writing a script could be another approach
> (I'd rather do that than trust a security relevant tool I downloaded from
> somewhere), though AIDE is really great in its functionality and it would be
> really nice if doing so would be possible.
>
>
> Kind regards and all the best
>
> David

You just install the package like any other Linux. I still like tripwire the best, even though the opensource version is so outdated. Some more modern solutions are OSSEC or Samhain, but they are more like Windows type all in one solutions and might be considered bloated.
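
The "manually hashing files by writing a script" approach raised in the quoted message, as an added example that is not part of the original thread: a baseline-and-compare check that records SHA-256, size and mode for each file and detects added, removed and changed paths. It assumes a Python 3 interpreter from the installation media; all function names and the sample tree are constructed for illustration, and the manifest and its digest are meant to be stored off the machine being checked.

```python
import hashlib, json, os, stat, tempfile

def hash_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Relative path -> record for each regular file and symlink under root."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow a link out of the tree
            rel = os.path.relpath(full, root)
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = {"link": os.readlink(full)}
            elif stat.S_ISREG(st.st_mode):
                manifest[rel] = {"sha256": hash_file(full), "size": st.st_size,
                                 "mode": stat.S_IMODE(st.st_mode)}
    return manifest

def compare(baseline, current):
    """Report paths added, removed, or changed (content, mode, or link target)."""
    both = set(baseline) & set(current)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": sorted(p for p in both if baseline[p] != current[p])}

def manifest_digest(manifest):
    """Hash of the baseline itself, to keep offline so edits to it are detectable."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True).encode()).hexdigest()

def demo():
    """Constructed sample tree: baseline it, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
        put("bin/tool", b"v1", 0o755); put("etc/conf", b"a=1", 0o644); put("etc/old", b"x", 0o644)
        baseline = snapshot(root)
        put("bin/tool", b"v2", 0o755)                    # same size, different content
        os.chmod(os.path.join(root, "etc/conf"), 0o600)  # metadata-only change
        os.remove(os.path.join(root, "etc/old"))
        put("bin/extra", b"new", 0o755)
        return baseline, compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo()[1], indent=2))
```

A check like this is only as trustworthy as the interpreter and kernel it runs under, so comparing from known-good boot media gives a stronger result than comparing from inside the running system.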