Date:      Wed, 10 Mar 2010 15:22:32 +0100
From:      Elmar Stellnberger <elmstel@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   online checksum verification for FreeBSD
Message-ID:  <4B97AB28.8060403@gmail.com>


  I believe it would be highly desirable to have an online md5sum
verification for FreeBSD as this is already implemented by checkroot
(http://www.elstel.com/checkroot/) for openSUSE. This is often the only
way to spot an intrusion. Keeping external md5sum lists is very tedious
and error-prone as soon as you want to apply updates. You need to fully
verify your system before every single update because otherwise you may
store the checksums of files that have already been altered by
intruders. Forgetting this once makes any further checks useless, i.e.
you would have to install from scratch.
  Does anyone know whether a similar tool could be implemented for FreeBSD?
The only thing that I have found about it is:
"DS   Compare the system against a "known good" index of the installed
release."
However this known good index would need to be stored on a FreeBSD
server because everything that is stored locally can be altered by an
intruder. In the case of openSUSE it is sufficient to download the
package headers of all installed packages because they contain the
md5sums of the files that are installed. Keeping md5sum lists on a
server would be an alternative solution as proposed in
https://features.opensuse.org/306508.
 For those of us who are building their own ports something like the
openSUSE build service for FreeBSD
(https://features.opensuse.org/308617) could leverage the usage of such
a security tool for all packages although checking the core packages
will be most important so far in order to detect rootkits (which are not
publicly known so far).

Best Regards,
Elmar

 P.S.: Please do also send responses to my email as I am not subscribed yet.
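
The workflow the message argues for, as an added example that is not part of the original message or of checkroot: files are checked against an index that did not originate on the machine being checked, and new checksums are recorded only after the tree verifies against the old ones. SHA-256 replaces the md5sums the message mentions; the function names and the two-file sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of a file's contents (swapped in for the message's md5sums)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_index(text):
    """Parse 'hexdigest  relative/path' lines into {path: hexdigest}."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {path.strip(): hexdigest.lower() for hexdigest, path in pairs}

def verify(root, index):
    """Return {path: 'missing' | 'modified'} for entries that do not match."""
    findings = {}
    for rel, want in index.items():
        full = Path(root, rel)
        if not full.is_file():
            findings[rel] = "missing"
        elif digest(full) != want:
            findings[rel] = "modified"
    return findings

def checked_update(root, old_index, apply_update):
    """Verify first, then update, then record the new checksums. Skipping the
    first step is how altered files end up in the 'known good' list."""
    findings = verify(root, old_index)
    if findings:
        raise RuntimeError("tree does not verify, not updating: %r" % findings)
    apply_update()
    return {rel: digest(Path(root, rel)) for rel in old_index}

def demo():
    """Constructed tree: findings when clean, after tampering, and refusal."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "ls").write_bytes(b"ls v1")
        Path(root, "ps").write_bytes(b"ps v1")
        # Stand-in for an index downloaded from a trusted server (constructed).
        index = parse_index("".join(
            "%s  %s\n" % (digest(Path(root, n)), n) for n in ("ls", "ps")))
        clean = verify(root, index)
        Path(root, "ps").write_bytes(b"ps altered")
        Path(root, "ls").unlink()
        try:
            checked_update(root, index, lambda: None)
        except RuntimeError:
            return clean, verify(root, index), True
        return clean, verify(root, index), False
```

In real use the index text would be fetched from the distribution's server over an authenticated channel and the verifier itself run from trusted media, since both are stated here only as assumptions.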


