WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Tiny Core files protection  (Read 5109 times)

Offline etopeter

  • Newbie
  • *
  • Posts: 5
    • Personal Blog
Tiny Core files protection
« on: September 29, 2012, 04:22:24 PM »
Hi,
Im building tripwire box with Tiny Core and I need to setup policy file the Tiny Core way.

Could anyone tell me what files should I monitor for changes as a best security practice for TC linux?

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: Tiny Core files protection
« Reply #1 on: September 29, 2012, 06:28:33 PM »
You'd have to be more specific.

Also... "tripwire box" is ambiguous - metaphor or app name??
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline etopeter

  • Newbie
  • *
  • Posts: 5
    • Personal Blog
Re: Tiny Core files protection
« Reply #2 on: September 29, 2012, 07:18:08 PM »
Im sure there may be different implementations of protecting core files.
In my case I want to setup Tiny Core box with Open Source Tripwire(http://sourceforge.net/projects/tripwire/). Tripwire in specific has very flexible policy rules that you can configure to your needs.
I want to know if there are files specific to Tiny Core distro that are worth monitoring.
For instance /opt directory .filetool.lst and shell scripts.
Thanks for your help.


Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: Tiny Core files protection
« Reply #3 on: September 29, 2012, 07:44:20 PM »
Core is just 2 files.  Monitor those plus anything you add.

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: Tiny Core files protection
« Reply #4 on: September 30, 2012, 02:29:06 AM »
For what concerns extensions in a PPR,
http://forum.tinycorelinux.net/index.php/topic,7471.msg39709/topicseen.html#msg39709
might be a preferable method.
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
Re: Tiny Core files protection
« Reply #5 on: September 30, 2012, 03:19:19 AM »
hi friends,

perhaps AIDE is the right tool for you, the program is small (less than 1mb),lean and clean.
give it a try! i would be very pleased to find it in the rep one day :)
aide compares all changes to a database and reports them per mail.

http://aide.sourceforge.net/
AIDE is an intrusion detection system that detects changes to files on the local system. It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies.

for online monitoring i can recommend you inotify:
http://forum.tinycorelinux.net/index.php/topic,14113.0.html

keep on digging.
« Last Edit: September 30, 2012, 03:28:02 AM by netnomad »

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11619
Re: Tiny Core files protection
« Reply #6 on: September 30, 2012, 11:47:21 PM »
Hi etopeter
First you want to select the files you wish to protect from changes. Besides binaries, don't forget conf files.
Next you need to decide what action to take if one of those files gets modified. Most binaries and stock conf
files can be restored by simply rebooting. Your initrd and vmlinuz need to be handled separately. You
might package backup copies in a tcz. Upon detecting a change, load the tcz and copy them to their
default locations and then reboot. You also need to plan your backup strategy. If you have a conf file you've
customized and it gets modified, you don't want to run a backup on it before rebooting. If you have work
files in your home directory that you back up, you may wish to devise a way to back them up without backing
up system settings should they get modified.