Check What You Run
I usually try to keep track of what software is installed and running on my machine. On Debian there are a few ways to do this with packages that come from the repository: I use checkrestart and needrestart to check, after updates, whether running software needs to be restarted. Another really useful tool for making sure the system is running trustworthy software is debsums, which verifies that your installed files have the same checksums as the files from the packages, so as far as you trust your Debian repository you can trust your system.
One case I haven't found a tool for yet is when you want to be sure that all the software installed on your system actually comes from a Debian package, which is the source I trust. Potentially the system can have a binary installed in an executable path and have it executed without any source check. Even debsums checks only the binaries of the installed packages; it does not report binaries that do not come from a package.
Starting from this problem, I wrote a few scripts that cover the missing step: they scan all the files in some sensitive folders and check whether each one comes from a package.
Here is all the source code for the checks; it is split into a few scripts for different cases:
To check all the files in the directories of the PATH environment variable:
./check_path.sh
To check all the scripts in the systemd folders:
./check_systemd_paths.sh
To check all the executables in the cron paths:
./check_cron_paths.sh
To run all of the previous checks, it is enough to run:
./check_all.sh
Running these scripts reports all the checked files or, if run with --silent, just the files that do not come from a package.
As for the implementation details, the scripts just scan all the files in each folder and, for each file, use dpkg to check whether the file comes from any package.
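The same dpkg-based check as an added example (this is not the author's scripts): it assumes dpkg -S as the ownership query and readlink -f for resolving symlinks, and the function names are chosen for this example. It also handles two cases the description does not mention, symlinked paths and file names that dpkg -S would read as patterns.

```shell
#!/bin/sh
# Added example, not the author's scripts. Prints files that no installed
# Debian package owns. Function names are chosen for this example.

# The actual ownership query: dpkg -S exits non-zero when no package ships
# the path. Kept separate so it can be replaced (e.g. for testing).
owner_lookup() {
    dpkg -S "$1" >/dev/null 2>&1
}

# dpkg -S takes a pattern, not a plain path: wildcards are expanded and a
# non-absolute argument becomes a substring match. Either would let a
# crafted file name "match" some package, so such names count as unowned.
is_packaged() {
    case $1 in
        *\**|*\?*|*\[*|*\\*) return 1 ;;
        /*) owner_lookup "$1" ;;
        *) return 1 ;;
    esac
}

# Print each non-directory entry of directory $1 that is not packaged.
# The literal path is tried first, then the symlink-resolved one, which
# covers merged-/usr layouts (/bin -> /usr/bin) and alternatives links.
scan_dir() {
    dir=$(CDPATH= cd "$1" 2>/dev/null && pwd) || return 0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # unmatched glob
        [ -d "$f" ] && [ ! -L "$f" ] && continue  # real subdirectory
        is_packaged "$f" && continue
        real=$(readlink -f "$f" 2>/dev/null) || real=
        [ -n "$real" ] && [ "$real" != "$f" ] && is_packaged "$real" && continue
        printf '%s\n' "$f"
    done
}

# Scan every directory of a colon-separated list such as $PATH.
scan_path_list() {
    old_ifs=$IFS; IFS=:; set -f
    set -- $1                    # split on ':' without glob expansion
    IFS=$old_ifs; set +f
    for d in "$@"; do scan_dir "${d:-.}"; done
}

# Usage: sh check_unpackaged.sh "$PATH"
if [ "$#" -gt 0 ]; then
    scan_path_list "$1"
fi
```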
More sophisticated tools exist that solve the same problem, but most of them need to be installed ahead of time; these scripts can instead be run also when it is too late, and they give good protection against a not-too-smart attacker.
That's all: with these not-too-complex scripts you can add an additional security check that the software installed on your system comes from a trusted source.