Debian

Operating SystemDebian 6
WebsiteDebian

Introduction

For some context, I had a former colleague who found himself working in a company with many compromised servers that had been owned for years with no immediate possibility of replacing them. Knowing that binaries had been modified, he had to verify the integrity of all systems. For this purpose, he created a small script to check everything.

Usage

(debian_integrity_check.sh)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

#!/bin/bash

# Get packages list
dpkg -l | awk '($1=="ii") {print $2"="$3}' > /tmp/pkgs

cat > /tmp/apt.conf <<__EOF
// Only needed if arch_of(broken_system) != uname -m
// APT::Architecture "amd64";

APT::Get::Download-Only "true";
APT::Get::Reinstall "true";

Dir "/"
{
  State::status "/var/lib/dpkg/status";
  Cache "/tmp/new-ar";
};

// the filesystem is read-only, hence we need no root permission to
// run apt-get to get file locks
Debug::NoLocking "true";
__EOF

# Install packages in a temp folder
mkdir -p /tmp/new-ar/archives/partial
APT_CONFIG=/tmp/apt.conf apt-get --reinstall install $(cat /tmp/pkgs)

# Diff temp content with root
debsums --all --changed --generate=all --root=/ --deb-path=/tmp/new-ar/archives $(awk -F= '{print $1}' /tmp/pkgs)

All you have to do is make the script executable and run it :-)

Edit this page

Last updated 29 Aug 2012, 12:02 CEST. history