Check What You Run

I usually try to check what software is installed and I'm running on my machine, using debian there are a few ways to check this with a few packages that come from the repository, I use checkrestart and needrestart to check after updates if the software is running need to be restarted, another really useful tool to be sure the system is running trustworthy software is debsums that make sure that your installed files have the same checksums of the files from the packages so as far you trust your debian repository you can trust your system.

One case I didn't find a tool yet, is when you want to be sure that all the software installed on your system is actually from a debian package, that is the source I trust, potentially the system can have a binary installed in a executable path of the system and be executed without any source check, even debsums checks only the binaries of the installed packages, but it does not report binaries that do not come from a package.

So starting from this problem I wrote down a few scripts that cover the missing step, scanning all the files existing in some sensitive folders, and check if they come from a package

Here is the all source code for the checks, is split in few scripts with different cases:

For check all the files existing in the PATH environment variable


For check for all the script existing in the Systemd folders


For check all the executable in cron paths


For run all the previous one is enough run:


The run of this scripts will report all the checked files, or if run with --silent just the files that do not come from a package.

In the implementation details the scripts it just scan all the files in each folder and for each file it use dpkg to check if the file come from any package.

Do exists more sophisticated tool for solve the same problem but most of them need to be installed ahead of time, this instead can be run also when is too late and give a good protection against not too smart attacher.

That's all with this not too complex scripts can be add an additional security check that the software that is installed in your system come from a trusted source.


New host for the blog with new tools
Tags: rust, self_hosting

First Week Librem 5
Tags: librem5

Rust lib error management, multiple enum approach
Tags: rust

Setup Gitlab runner for run ci tests locally
Tags: self_hosting

Setup Gitlab shared runner for run tests on windows
Tags: rust



URL Freezer