Lessons from the Debian compromise
Lessons from the Debian compromise
Posted Dec 11, 2003 13:02 UTC (Thu) by copsewood (subscriber, #199)Parent article: Lessons from the Debian compromise
When I was involved in proving the existence of a then unknown M$ virus it
made sense to shut the system down and apply an integrity check on a static filesystem from a known clean boot environment. Doing this periodically will of course result in regular scheduled downtime. This may be a price which has to be paid for a more secure environment, unless those engaged in root-kit detection mechanisms can somehow guarantee the integrity of their check operating from within the compromised environment. As I don't realistically see any such guarantee as being realistic is 15-30 minutes downtime a day something we may need to accept for a higher integrity environment ?
Posted Dec 19, 2003 16:48 UTC (Fri)
by helgehaf (guest, #10306)
[Link]
Take advantage of the fact that a scsi disk is accessible from several machines at once (by connecting two host adapters.) The disk that is "main disk" for one machine is mounted read-only for checking by another machine. The other machine always boot cleanly because
There's no need to schedule downtime for this.Lessons from the Debian compromise
it boots from a unwriteable cdrom. It can tell if something bad happens to files on the "shared" disk.