Check What You Run
I usually try to check what software is installed and I'm running on my machine, using debian there are a few ways to check this with a few packages that come from the repository, I use checkrestart and needrestart to check after updates if the software is running need to be restarted, another really useful tool to be sure the system is running trustworthy software is debsums that make sure that your installed files have the same checksums of the files from the packages so as far you trust your debian repository you can trust your system.
One case I didn't find a tool yet, is when you want to be sure that all the software installed on your system is actually from a debian package, that is the source I trust, potentially the system can have a binary installed in a executable path of the system and be executed without any source check, even debsums checks only the binaries of the installed packages, but it does not report binaries that do not come from a package.
So starting from this problem I wrote down a few scripts that cover the missing step, scanning all the files existing in some sensitive folders, and check if they come from a package
Here is the all source code for the checks, is split in few scripts with different cases:
For check all the files existing in the
PATH environment variable
For check for all the script existing in the Systemd folders
For check all the executable in cron paths
For run all the previous one is enough run:
The run of this scripts will report all the checked files, or if run with
--silent just the files that do not come from a package.
In the implementation details the scripts it just scan all the files in each folder and for each file it use
dpkg to check if the file come from any package.
Do exists more sophisticated tool for solve the same problem but most of them need to be installed ahead of time, this instead can be run also when is too late and give a good protection against not too smart attacher.
That's all with this not too complex scripts can be add an additional security check that the software that is installed in your system come from a trusted source.