User: Password:
Subscribe / Log in / New account

Lessons from the Debian compromise

Lessons from the Debian compromise

Posted Dec 11, 2003 13:02 UTC (Thu) by copsewood (subscriber, #199)
Parent article: Lessons from the Debian compromise

When I was involved in proving the existence of a then unknown M$ virus it
made sense to shut the system down and apply an integrity check on a static filesystem from a known clean boot environment. Doing this periodically will of course result in regular scheduled downtime. This may be a price which has to be paid for a more secure environment, unless those engaged in root-kit detection mechanisms can somehow guarantee the integrity of their check operating from within the compromised environment. As I don't realistically see any such guarantee as being realistic is 15-30 minutes downtime a day something we may need to accept for a higher integrity environment ?

(Log in to post comments)

Lessons from the Debian compromise

Posted Dec 19, 2003 16:48 UTC (Fri) by helgehaf (guest, #10306) [Link]

There's no need to schedule downtime for this.

Take advantage of the fact that a scsi disk is accessible from several machines at once (by connecting two host adapters.)

The disk that is "main disk" for one machine is mounted read-only for checking by another machine. The other machine always boot cleanly because
it boots from a unwriteable cdrom. It can tell if something bad happens to files on the "shared" disk.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds