LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Lessons from the Debian compromise

Lessons from the Debian compromise

Posted Dec 11, 2003 13:02 UTC (Thu) by copsewood (subscriber, #199)
Parent article: Lessons from the Debian compromise

When I was involved in proving the existence of a then unknown M$ virus it
made sense to shut the system down and apply an integrity check on a static filesystem from a known clean boot environment. Doing this periodically will of course result in regular scheduled downtime. This may be a price which has to be paid for a more secure environment, unless those engaged in root-kit detection mechanisms can somehow guarantee the integrity of their check operating from within the compromised environment. As I don't realistically see any such guarantee as being realistic is 15-30 minutes downtime a day something we may need to accept for a higher integrity environment ?

(Log in to post comments)

Lessons from the Debian compromise

Posted Dec 19, 2003 16:48 UTC (Fri) by helgehaf (guest, #10306) [Link]

There's no need to schedule downtime for this.

Take advantage of the fact that a scsi disk is accessible from several machines at once (by connecting two host adapters.)

The disk that is "main disk" for one machine is mounted read-only for checking by another machine. The other machine always boot cleanly because
it boots from a unwriteable cdrom. It can tell if something bad happens to files on the "shared" disk.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds