TGLMAN

Check What You Run

I usually try to keep track of what software is installed and running on my machine. On Debian there are a few ways to check this with packages from the repository. I use checkrestart and needrestart after updates to check whether running software needs to be restarted. Another really useful tool for making sure the system is running trustworthy software is debsums, which verifies that your installed files have the same checksums as the files from the packages, so as far as you trust your Debian repository you can trust your system.

One case I haven't found a tool for yet is when you want to be sure that all the software installed on your system actually comes from a Debian package, which is the source I trust. Potentially the system can have a binary installed in an executable path and run it without any source check. Even debsums checks only the binaries of the installed packages; it does not report binaries that do not come from a package.

Starting from this problem, I wrote a few scripts that cover the missing step: they scan all the files in some sensitive folders and check whether they come from a package.

Here is all the source code for the checks; it is split into a few scripts for different cases:

To check all the files in the directories of the PATH environment variable:

./check_path.sh

To check all the scripts in the systemd folders:

./check_systemd_paths.sh

To check all the executables in the cron paths:

./check_cron_paths.sh

To run all of the previous ones, it is enough to run:

./check_all.sh

Running these scripts reports all the checked files or, if run with --silent, just the files that do not come from a package.

As for the implementation, the scripts just scan all the files in each folder and, for each file, use dpkg to check whether the file comes from any package.
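The approach described above (walk each directory, ask dpkg whether a package owns each file) as an added example; this is not the author's scripts. It uses `dpkg -S` for the lookup; the function names are hypothetical, and resolving symlinks before the lookup is an addition the post does not describe.

```shell
# Added example, not the author's scripts: list files in PATH directories
# that no installed Debian package claims. Assumes a Debian system with dpkg.

# True when dpkg's file database lists this exact absolute path.
owned_by_package() {
    dpkg -S "$1" >/dev/null 2>&1
}

# Check the name the file was found under, then its resolved target, so
# alternatives symlinks and merged-/usr paths are not reported as unpackaged.
file_is_packaged() {
    owned_by_package "$1" && return 0
    resolved=$(readlink -f -- "$1") || return 1
    [ "$resolved" != "$1" ] && owned_by_package "$resolved" && return 0
    # Merged /usr: a package may have registered /bin/x for /usr/bin/x.
    case $resolved in
        /usr/bin/*|/usr/sbin/*|/usr/lib/*) owned_by_package "${resolved#/usr}" ;;
        *) return 1 ;;
    esac
}

# Print each file or symlink in the given directories that is not packaged.
# Returns 1 when at least one was printed.
scan_dirs() {
    rc=0
    for dir in "$@"; do
        case $dir in
            /*) ;;
            *) echo "skipping non-absolute entry: '$dir'" >&2; continue ;;
        esac
        [ -d "$dir" ] || continue
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] || [ -L "$f" ] || continue
            if ! file_is_packaged "$f"; then
                printf '%s\n' "$f"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Split a PATH-style string on ':' and scan every directory in it.
scan_path() {
    old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f
    IFS=$old_ifs
    scan_dirs "$@"
}
```

Call it as `scan_path "$PATH"`, or pass other directories straight to `scan_dirs`. A non-absolute PATH entry is skipped with a message on stderr, since `dpkg -S` would treat it as a substring pattern rather than an exact path.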

More sophisticated tools exist to solve the same problem, but most of them need to be installed ahead of time; these scripts can instead be run even when it is too late, and they give good protection against a not-too-smart attacker.

That's all. With these not-too-complex scripts you can add an additional security check that the software installed on your system comes from a trusted source.

Check What You Run
23-12-2019
Tags: sh