<font color="#000000"><font face="tahoma,sans-serif">Heh, for some reason I thought this was on the local Linux users group instead of ubuntu-devel. Hence the more generic language.<br></font></font><div><font class="Apple-style-span" face="tahoma, sans-serif"><br>
</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">Anyway feel free to take the other two points as possible products. My prototypes have been shell commands followed by simple Java apps that did the same work. In both cases they directly read the files in /var/lib/dpkg/info or, in a few cases, the naked .deb files. They were always intended as </font><span class="Apple-style-span" style="font-family: tahoma, sans-serif; ">proof-of-concept demos, not something suitable for distribution.</span></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br>The two specific tasks that came up a lot are:</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">1. List all files under { /bin, /sbin, /usr, /lib, /etc and parts of /var } that:</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"> a) are present but not in a package as either a regular file or a conffile,</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> b) are present but have a different md5sum than the package, or</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"> c) are in an installed package but not present.</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">This can return a simple list of files that can be used as input to other applications.</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">An extension is to check the permissions, e.g., by looking into the .deb file itself and examining the data.tar.gz file. There's also always the standby</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ find / -perm -4000 -ls   # setuid</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ find / -perm -2000 -ls   # setgid</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">to find suid/sgid files in the system. Simply knowing what files should have these permissions would be helpful.</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">You can do a quick MD5 sanity check with</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br>
</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ cat /var/lib/dpkg/info/*.md5sums | sort | uniq >/tmp/md5sums</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ cd / && md5sum -c /tmp/md5sums   # paths in md5sums are relative to /</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">2. Create a local package containing modified conffiles.</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br>
</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">You can get a list of conffiles from</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ cat /var/lib/dpkg/info/*.conffiles | sort | uniq >/tmp/conffiles</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">and convert that to a list of md5 files with a join with a bit of work. (conffiles have a leading slash on the path, md5sums do not). Then it would be a simple matter of creating a tarball of the modified files and wrapping it up so that you can perform all of your customization by installing a single package.</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">3. Not related to the original question but I've also wondered about a hardening package that installs a cron task that's package-aware. That is, I (should) be regularly performing tasks like:</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ find / -path /dev -prune -o -type b -ls</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"> $ find / -path /dev -prune -o -type c -ls</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">That is, looking for character or block devices that are anywhere but under /dev. That's never a good thing.</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"> $ find /home -uid -1000</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br>
</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">That is, looking for any system files under /home. Again this is never a good thing.</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br>
</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">There's a dozen or so checks that can be done but in some cases there will be expected hits, depending upon the actual packages installed. It should be possible to customize this task so it knows what to ignore and what to flag as a problem.</font></div>
<div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><font class="Apple-style-span" face="tahoma, sans-serif">Bear</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br>
</font></div><div><font class="Apple-style-span" face="tahoma, sans-serif"><br></font></div><div><div class="gmail_quote">On Fri, Oct 7, 2011 at 2:35 AM, Michael Vogt <span dir="ltr"><<a href="mailto:mvo@ubuntu.com">mvo@ubuntu.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Thu, Oct 06, 2011 at 05:15:14PM -0600, Bear Giles wrote:<br>
> I've written a few prototypes and this comes down to four issues. Some of<br>
> the details below are debian/ubuntu-specific but the same concepts will<br>
> apply to redhat.<br>
</div>[..]<br>
<div class="im">> 2. Packages should NOT be backed up. All you need is the package name and<br>
> version. Reinstall from .deb and .rpm if necessary since this way you're<br>
> sure that you never restore compromised files.<br>
<br>
</div>You may want to look at the apt-clone package for this part of the<br>
work, it supports creating/restoring this meta-data.<br>
<br>
Cheers,<br>
<font color="#888888"> Michael<br>
</font><div><div></div><div class="h5"><br>
<br>
> On Fri, Sep 30, 2011 at 12:01 AM, Gaurav Saxena <<a href="mailto:grvsaxena419@gmail.com">grvsaxena419@gmail.com</a>>wrote:<br>
><br>
> > Hello Aaron<br>
> > Thanks a lot for your quick reply.<br>
> ><br>
> > On Fri, Sep 30, 2011 at 10:03 AM, Aaron C. de Bruyn <<a href="mailto:aaron@heyaaron.com">aaron@heyaaron.com</a>>wrote:<br>
> ><br>
> >> In Windows, the ability to snapshot is built into the filesystem.<br>
> >> In Linux, you must be running a filesystem that supports snapshots. I<br>
> >> know LVM supports snapshotting and I believe BTRFS has support, but<br>
> >> other than that I'm not sure.<br>
> >><br>
> >> Yes I read the logic behind windows system restore. But I think we can<br>
> > take some other approach for this, that will be better as all users won't be<br>
> > able to spare an extra partition formatted btrfs.<br>
> ><br>
> ><br>
> >> Basically, your program would have to check the file system that is<br>
> >> used on the computer (remember Linux can have many types of file<br>
> >> systems mounted at the same time), then (in the case of LVM) make sure<br>
> >> there's enough free space to snapshot, and finally take the snapshot.<br>
> >><br>
> >> Ok. Do I have to snapshot the whole system partition / important system<br>
> > files to the btrfs partition?<br>
> ><br>
> ><br>
> >> When the snapshots start filling up, you would either need to delete<br>
> >> them or detect the low space and resize them.<br>
> >><br>
> >> In my personal opinion, snapshotting in Linux is currently a pain in<br>
> >> the rear. It sounds like BTRFS could change that, but it's still a<br>
> >> ways off.<br>
> >><br>
> >> Ok. I will try another approach that will be better as suggested by<br>
> > people here.<br>
> ><br>
> ><br>
> >> -A<br>
> >><br>
> >><br>
> >> On Thu, Sep 29, 2011 at 21:00, Gaurav Saxena <<a href="mailto:grvsaxena419@gmail.com">grvsaxena419@gmail.com</a>><br>
> >> wrote:<br>
> >> > Hello all,<br>
> >> > I want to write a windows system restore like program for ubuntu , which<br>
> >> > will have options for creating restore points for the system and then<br>
> >> > restoring it back to that point. Also I will as an extension provide<br>
> >> support<br>
> >> > for older version of a file as is in windows currently. I need your help<br>
> >> to<br>
> >> > find how to start with this in ubuntu. I know that I have to snapshot<br>
> >> the<br>
> >> > system when creating a restore point and then restore it. I need some<br>
> >> > starting pointers so that I can start doing this work. Also if this has<br>
> >> > already been done please inform me. I got this idea from<br>
> >> > <a href="https://wiki.ubuntu.com/SystemRestore" target="_blank">https://wiki.ubuntu.com/SystemRestore</a>.<br>
> >> > --<br>
> >> > Thanks and Regards ,<br>
> >> > Gaurav<br>
> >> ><br>
> >> > --<br>
> >> > Ubuntu-devel-discuss mailing list<br>
> >> > <a href="mailto:Ubuntu-devel-discuss@lists.ubuntu.com">Ubuntu-devel-discuss@lists.ubuntu.com</a><br>
> >> > Modify settings or unsubscribe at:<br>
> >> > <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss</a><br>
> >> ><br>
> >> ><br>
> >><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Thanks and Regards ,<br>
> > Gaurav<br>
<br>
<br>
</div></div></blockquote></div><br></div>
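<div>Task 1 from the top message (files that are unpackaged, modified, or missing), as an added shell example that is not code from the original post: it reads the *.md5sums and *.conffiles lists the way the message describes, stripping the leading slash from conffile paths so the two lists join. The function names, the tab-separated output format and the constructed fixture are assumptions made for illustration.</div>

```shell
#!/bin/bash
# Added example (not from the original post): classify files against dpkg metadata.
# audit_dpkg ROOT INFO_DIR DIR...  prints "unpackaged|modified|missing<TAB>path".
# On a live system: audit_dpkg / /var/lib/dpkg/info bin sbin usr lib etc

in_scope() {    # in_scope PATH DIR... : true if PATH lies under one of DIR...
    local p="$1" d; shift
    for d; do case $p in "$d"/*) return 0 ;; esac; done
    return 1
}

audit_dpkg() {
    local root="$1" info="$2" tmp sum path; shift 2
    tmp=$(mktemp -d) || return 1
    # *.md5sums lines are "<md5>  relative/path"; merge and de-duplicate them.
    cat "$info"/*.md5sums 2>/dev/null | LC_ALL=C sort -u > "$tmp/sums"
    # Known paths = md5sums paths plus conffiles (which carry a leading slash).
    { cut -c35- "$tmp/sums"; cat "$info"/*.conffiles 2>/dev/null | sed 's|^/||'; } |
        LC_ALL=C sort -u > "$tmp/known"
    (cd "$root" && find "$@" -type f 2>/dev/null) | LC_ALL=C sort -u > "$tmp/present"
    # (a) present on disk but claimed by no package, as a file or a conffile
    LC_ALL=C comm -23 "$tmp/present" "$tmp/known" |
        while IFS= read -r path; do printf 'unpackaged\t%s\n' "$path"; done
    # (b) checksum differs from the package's, (c) packaged but absent
    while read -r sum path; do
        in_scope "$path" "$@" || continue
        if [ ! -e "$root/$path" ]; then
            printf 'missing\t%s\n' "$path"
        elif [ "$(md5sum < "$root/$path" | cut -c1-32)" != "$sum" ]; then
            printf 'modified\t%s\n' "$path"
        fi
    done < "$tmp/sums"
    rm -rf "$tmp"
}

# Constructed sample tree: one intact file, one altered, one stray, one absent,
# plus a conffile that appears only in the *.conffiles list.
make_fixture() {
    local t="$1"
    mkdir -p "$t/root/usr/bin" "$t/root/etc" "$t/info"
    echo good > "$t/root/usr/bin/ok";   echo evil > "$t/root/usr/bin/changed"
    echo x > "$t/root/usr/bin/stray";   echo conf > "$t/root/etc/demo.conf"
    (cd "$t/root" && md5sum usr/bin/ok) > "$t/info/demo.md5sums"
    printf '%032d  usr/bin/changed\n%032d  usr/bin/gone\n' 0 1 >> "$t/info/demo.md5sums"
    echo /etc/demo.conf > "$t/info/demo.conffiles"
}
```

<div>Pass the subtree names relative to ROOT and without trailing slashes; the conffile in the fixture produces no finding because it is counted as known even though it has no md5sums entry.</div>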