online checksum verification for FreeBSD

Elmar Stellnberger elmstel at gmail.com
Wed Mar 10 17:13:01 UTC 2010


online checksum verification for FreeBSD

  I believe it would be highly desirable to have an online md5sum
verification for FreeBSD as this is already implemented by checkroot
(http://www.elstel.com/checkroot/) for openSUSE. This is often the only
way to spot an intrusion. Keeping external md5sum lists is very tedious
and error-prone as soon as you want to apply updates. You need to fully
verify your system before every single update because otherwise you may
store the checksums of files that have already been altered by
intruders. Forgetting this once makes any further checks useless, i.e.
you would have to install from scratch.
  Does anyone know whether a similar tool could be implemented for FreeBSD?
The only thing that I have found about it is:
"DS   Compare the system against a "known good" index of the installed
release."
However this known good index would need to be stored on a FreeBSD
server because everything that is stored locally can be altered by an
intruder. In the case of openSUSE it is sufficient to download the
package headers of all installed packages because they contain the
md5sums of the files that are installed. Keeping md5sum lists on a
server would be an alternative solution as proposed in
https://features.opensuse.org/306508.
 For those of us who are building their own ports something like the
openSUSE build service for FreeBSD
(https://features.opensuse.org/308617) could leverage the usage of such
a security tool for all packages although checking the core packages
will be most important so far in order to detect rootkits (which are not
publicly known so far).

Best Regards,
Elmar

 P.S.: Please do also send responses to my email as I am not subscribed yet.
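
The verify-before-update rule argued for in the message above, as an added example that is not part of the original post and is not checkroot's code. It uses SHA-256 where the message mentions md5sums; the function names and the constructed sample tree are assumptions, and the manifest is assumed to be kept on a server rather than on the checked host.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # chunked: large binaries are fine
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Digest every regular file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def verify(root, manifest):
    """Compare root with a manifest {path: digest} (assumed to be held off-host)."""
    current = snapshot(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unlisted": sorted(f for f in current if f not in manifest),
    }

def update_with_baseline(root, manifest, apply_update):
    """Verify fully first, then update, then record the new checksums."""
    report = verify(root, manifest)
    if any(report.values()):  # never store digests of files that may already be altered
        raise RuntimeError(f"refusing to re-baseline an unverified tree: {report}")
    apply_update(Path(root))
    return snapshot(root)

def demo():
    """Constructed sample tree: one clean update, then one altered file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin/ls").write_bytes(b"ls v1")
        (root / "bin/ps").write_bytes(b"ps v1")
        manifest = snapshot(root)  # stands in for the server-side list
        manifest = update_with_baseline(
            root, manifest, lambda r: (r / "bin/ls").write_bytes(b"ls v2"))
        (root / "bin/ps").write_bytes(b"ps v1 + altered")  # constructed change
        report = verify(root, manifest)
        try:
            update_with_baseline(root, manifest, lambda r: None)
        except RuntimeError:
            return report, True   # re-baselining was refused
        return report, False
```

Calling `demo()` returns the verification report for the altered tree and whether the second re-baseline was refused.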

