check hashsums

qrange · 04-17-2018, 06:09 AM

is there some bootable live USB that could check shasums of all installed debian system executables?

AwesomeMachine · 04-17-2018, 11:24 PM

The problem is the program wouldn't know what the hashsums are supposed to be. There would be no way to know if the files were changed. If you install tripwire on installation, that gives you a good snapshot. But after an incident occurs it's too late.

qrange · 04-18-2018, 05:48 AM

I see, but I'd have to update that tripwire on each apt upgrade?
Assuming there's a lot of people using latest Debian stable amd64, couldn't someone make a list of hashes at least for basic, 'startup-sequence' executables?

Or perhaps, we could run a script from LiveCD that would:

-inspect installed debian and give a list of all packages.
-download again those packages, extract them one-by-one, create a hashsum list, delete them.
-compare sums

?

edit: it would be simpler if packages were distributed with such lists for executables inside, imho.

pan64 · 04-18-2018, 06:55 AM

do you mean something like this: http://xpt.sourceforge.net/techdocs/...ntegrityCheck/ ?

qrange · 04-19-2018, 07:09 AM

yes, it helps, thanks.
I have also found 'cruft', its very useful.