From: Ivan K. <ch...@ya...> - 2007-08-25 02:29:28
On Friday 24 August 2007, Gilles Espinasse wrote:
> ----- Original Message -----
> From: "Ivan Kabaivanov" <ch...@ya...>
> To: <ipc...@li...>
> Sent: Friday, August 24, 2007 8:28 PM
> Subject: [Ipcop-core] md5sum of all installed files as last step in the installer?
>
> > Just an idea -- what do you think if the last thing the installer did was to
> > find *all* installed files, md5sum them and write the sums to a floppy? This
> > would be an optional, but strongly recommended step of the installer to help
> > in the future in the event of a compromised system.
> >
> > This would go well together with a rescue mode initrd on the installation cd
> > that I'm planning to put together at some point in the near future.
> >
> > We can work out a system where updates will be taken into account when files
> > are changed.
>
> I think we should go to a packaging system, one that exists or our own.
> This would allow better testing and qualification of changes, possibly
> package uninstall to go back to a previous version.

Gilles, I know you're following lfs-dev so you've seen this thread, but I'll post it here anyway:

http://linuxfromscratch.org/pipermail/lfs-dev/2007-August/060019.html

It contains lots of new ideas, and the package management is only one of them. Nothing concrete regarding that aspect came out of the discussion, but some interesting suggestions were passed around. We can either wait for LFS to come up with something and hope it satisfies our requirements or just try a few package managers and settle on the best one for our needs.

> > This will probably be quite time-consuming on old systems, but since it'd be
> > optional, people can choose not to do it. But for those who do md5sum their
> > system, the benefit would be huge.
> >
> > I'd be interested in your feedback.
> >
> > Thanks,
> > IvanK.
>
> Could be in installer stage or ./make.sh rootfiles like I have done on
> v1.4.
> My idea was to concatenate md5 of published files after each update.
> I have not yet tested the number of files with a timestamp include on v1.5.
>
> Gilles

I think the installer would be the more appropriate place to do this kind of system fingerprinting -- just after installing all the files and after restoring configuration files.

Oh, and I'm moving this to ipcop-devel cause it'd be interesting to see what other people think.

IvanK.
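
The fingerprinting step proposed in this message, as an added example that is not part of the original post and not IPCop code: it writes a checksum manifest for a file tree and later reports files that were changed, removed, or added since the baseline (a plain `md5sum -c` would not report added files). The function names and the demo tree are constructed for illustration, and `sha256sum` is swapped in for the thread's `md5sum` as the default.

```bash
#!/bin/bash
# Added example. HASH defaults to sha256sum (assumption: swapped in for md5sum;
# both emit "<hash>  <path>" lines, so HASH=md5sum works the same way).
HASH=${HASH:-sha256sum}

# make_manifest ROOT MANIFEST: hash every regular file under ROOT.
# -xdev stays on one filesystem; keep MANIFEST outside ROOT (e.g. the floppy).
make_manifest() {
    ( cd "$1" && find . -xdev -type f -exec "$HASH" {} + | LC_ALL=C sort -k2 ) > "$2"
}

# verify_manifest ROOT MANIFEST: print ADDED/CHANGED/MISSING paths.
# Returns 0 when the tree matches the baseline, 1 otherwise.
verify_manifest() {
    local current status=0
    current=$(mktemp) || return 2
    make_manifest "$1" "$current"
    awk '
        { h = $1; p = substr($0, length($1) + 3) }      # split "<hash>  <path>"
        FILENAME == ARGV[1] { base[p] = h; next }       # first file is the baseline
        !(p in base)  { print "ADDED   " p; bad = 1; next }
        base[p] != h  { print "CHANGED " p; bad = 1 }
        { seen[p] = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }' "$2" "$current" || status=1
    rm -f "$current"
    return $status
}

# Constructed demo tree: baseline, then one edit, one deletion, one new file.
demo() {
    local t
    t=$(mktemp -d) || return 2
    mkdir -p "$t/root/etc" "$t/root/bin"
    echo 'GREEN=eth0' > "$t/root/etc/settings"
    echo 'original'   > "$t/root/bin/tool"
    echo 'v1'         > "$t/root/etc/version"
    make_manifest "$t/root" "$t/baseline.sum"    # stand-in for the floppy copy
    echo 'patched' > "$t/root/bin/tool"
    rm "$t/root/etc/version"
    echo 'x' > "$t/root/bin/extra"
    verify_manifest "$t/root" "$t/baseline.sum" | LC_ALL=C sort
    rm -rf "$t"
}
```

Calling `demo` prints one line per deviation; after a legitimate update the baseline has to be regenerated with `make_manifest`, which is the "updates taken into account" part of the proposal.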