LinuxQuestions.org
Old 08-22-2010, 11:40 AM   #1
mibaile5
LQ Newbie
 
Registered: Aug 2010
Posts: 1

Rep: Reputation: 0
Encryption/AIDE


Hey All,

I need to implement AIDE on my client machines. The builds on these machines are different, so each workstation will have its own specific db generated through running AIDE initially. It is not good practice to just leave the db on the machine, since an "attacker" would be able to view this information. However, at the same time I do not want to pull back over 100 different aide db's to the ftp server and have an update pull each specifically every time I need to run the check.

The plan is to leave the db on the client machine, but encrypt it (using public/private keys). I need to be able to encrypt the file on the client machine. I will use a cron on the client to pull an update (from my ftp server) that runs AIDE. This update needs to be able to decrypt the file, use it running AIDE, then re-encrypt the file on the client. Hopefully I am explaining this in a way that makes sense. Any ideas on how to approach this?
 
Old 08-22-2010, 10:31 PM   #2
bluebox
Member
 
Registered: Jun 2004
Posts: 71

Rep: Reputation: 9
I don't see the benefits of asymmetric encryption in your case. But if you prefer public/private key encryption, gnupg comes to my mind. Create a key-pair. The public key is needed on the client for encryption, the private key is needed on the client for decryption. IMHO there is no need to keep any of the keys on the client when it is not needed. Make them available from the server via sftp or scp when they are needed, wipe any instance on the client afterwards.

Create a file container, put a fs on it, mount it via loop, and try to put anything needed to run AIDE into this container. Encrypt the container file afterwards - and do a checksum of it. (Container handling would be easier if you use cryptsetup instead of asymmetric encryption.)

You might want to use NILFS to format your container, instead of ext3 etc.:
http://en.wikipedia.org/wiki/NILFS

I wouldn't use cron on the client for these things. I would use cron on the server, ssh into the clients, upload my script, run it, wipe out all my traces and vanish. I would try not to leave any evidence of the mere existence of AIDE on the client, except a strange big file filled with cryptographic random. You're root. Nobody can break into your system better than you;)
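
The gnupg and checksum suggestions in the reply above, sketched as a script the server could push to a client and run; this is an added example, not code from either poster. The paths, the return codes 100 and 101, the private key being present in root's GnuPG keyring for the duration of the run, and aide.conf naming the plaintext path in its `database=` line are all assumptions.

```shell
#!/bin/bash
# Added example: check a host against its gpg-encrypted AIDE database.
# Assumptions (not from the thread): all paths, the 100/101 return codes,
# the private key already imported for this run, and an aide.conf whose
# database= line points at PLAIN_DB (ideally on a tmpfs).

# aide_check_encrypted ENC_DB EXPECTED_SHA256 PLAIN_DB AIDE_CONF
# Returns AIDE's own exit status (0 = no changes, 1-7 = changes found),
# 100 if the encrypted database fails its checksum, 101 if decryption fails.
aide_check_encrypted() {
    local enc_db="$1" expected="$2" plain_db="$3" conf="$4" actual rc

    # Refuse a database whose ciphertext changed since the server recorded
    # its checksum: an attacker who cannot read it could still replace it.
    actual=$(sha256sum "$enc_db" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: $enc_db" >&2
        return 100
    fi

    # Decrypt to a copy readable by the calling user only; the umask change
    # is confined to the subshell.
    if ! ( umask 077; gpg --batch --yes --quiet \
               --output "$plain_db" --decrypt "$enc_db" ); then
        rm -f "$plain_db"
        return 101
    fi

    aide --check --config="$conf"
    rc=$?

    # A check never modifies the ciphertext, so nothing is re-encrypted here;
    # only the plaintext copy has to be destroyed.
    shred -u "$plain_db" 2>/dev/null || rm -f "$plain_db"
    return "$rc"
}

# Run only when executed directly with its four arguments (e.g. over ssh).
if [ "$#" -eq 4 ]; then
    aide_check_encrypted "$@"
    exit $?
fi
```

Re-encryption is only needed after `aide --update` writes a new database, and that step needs just the public key, so the private key never has to stay on the client.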
 
  


All times are GMT -5. The time now is 09:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration