FilesystemIntegrityCheckerSpec

Revision 1 as of 2009-06-03 12:24:48


Summary

Aide is the filesystem integrity checker in main. Most administrators don't use filesystem integrity checkers, as they are hard to maintain and report a lot of false positives after system updates.

In order for Aide to be easily used, a new subpackage will be introduced containing pre-configuration that will automatically run an integrity check before system updates and a database rebuild after system updates. Although not fool-proof, this will enable an administrator to easily install Aide and to get useful intrusion information without investing a lot of maintenance time.

Release Note

Aide now includes a subpackage containing scripts that run an integrity check before installing system updates and automatically rebuild the hash database after system updates.

Rationale

Filesystem integrity checkers are hard to maintain, as a large number of false positives come from system updates. Introducing a simpler configuration will allow system administrators to simply install it, configure it to send them email, and benefit from getting file change alerts.

Design

To be determined. Apt hook?

Implementation

A new subpackage will be created. This is required in order for current Aide setups to still work, and for the new configuration files to be optional. This is important as some may see the automatic rebuilding of the hash database as a major security issue for a filesystem integrity checker.
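The check-before / rebuild-after cycle described above, as an added sketch that is not part of this spec or of the Aide package: a `sha256sum` manifest stands in for Aide's hash database, and every function name and path is hypothetical. It assumes GNU coreutils and leaves out the wiring to apt, since the Design is still to be determined. It also shows one way to limit the rebuild concern: the post-update step refuses to rebuild when the pre-update check found a change.

```shell
#!/bin/sh
# Added illustration: a sha256sum manifest stands in for Aide's hash database.
# Function names and paths are hypothetical, not taken from the Aide package.

# build_db ROOT DB: record a hash for every regular file under ROOT.
build_db() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2) > "$2"
}

# check_db ROOT DB: return 0 if ROOT still matches DB, 1 otherwise.
check_db() {
    tmp=$(mktemp)
    build_db "$1" "$tmp"
    if cmp -s "$tmp" "$2"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# pre_update ROOT DB FLAG: run before packages are installed.
# On a mismatch, leave a flag file so the later rebuild cannot
# silently absorb an unexplained change into the new baseline.
pre_update() {
    rm -f "$3"
    check_db "$1" "$2" || { echo "change found before update" > "$3"; return 1; }
}

# post_update ROOT DB FLAG: run after the update has finished.
# Rebuild the database only when the pre-update check was clean.
post_update() {
    [ -e "$3" ] && return 1
    build_db "$1" "$2"
}

# demo: constructed scenario in a temp dir; echoes one status digit per step.
demo() {
    d=$(mktemp -d); mkdir "$d/root"; out=""
    step() { "$@" "$d/root" "$d/db" "$d/flag" && out="${out}0" || out="${out}1"; }
    echo v1 > "$d/root/tool"; build_db "$d/root" "$d/db"
    # Run 1: a legitimate update replaces the file between the two hooks.
    step pre_update; echo v2 > "$d/root/tool"; step post_update; step check_db
    out="$out/"
    # Run 2: the file changes outside any update, then an update starts.
    echo tampered > "$d/root/tool"
    step pre_update; step post_update; step check_db
    rm -rf "$d"; echo "$out"
}

demo
```

In the first run the update produces no false positive afterwards; in the second the pre-update check fails, the rebuild is refused, and the old database still reports the change. A change made while the update itself is running would still be absorbed by the rebuild, which is the concern the Implementation section raises.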

Test/Demo Plan

This is targeted to users who don't currently use Aide. Once the subpackage is ready, we can ask for community testing.

Unresolved issues

To be completed.

