Is AIDE included in the installation iso?


David Renz

Nov 6, 2016, 9:27:04 PM11/6/16
to qubes-users

Hello everyone,

currently I don't have QubesOS installed unfortunately, so I can't check this by myself, and it might take some time until I'll be able to install it, therefore I'm asking about this on the list:
I think that AIDE is the most sophisticated tool for checking file system integrity (and I believe that this approach might be one of the best in order to see whether a system got compromised or not), but obviously it could render this approach useless, if one would first have to go online after having installed QubesOS and then AIDE from a repo, which might be compromised. Therefore my question: Is AIDE included in the Fedora installation iso, so that those security issues could be circumvented?

By the way, doing so should not only be done before going online for the first time, but already before the system restarts after its installation (because otherwise ACPI or other firmware code might compromise the system during the first boot process).

If it's not included in the installation iso, then I'd strongly suggest that it should be added. (The second best solution would be to download it and pray that this download is not compromised (probably I don't need to mention that there are various ways to compromise this download without someone being able to notice that), but actually that doesn't even sound like a 'second best', but a rather careless approach.)

Maybe manually hashing files by writing a script could be another approach (I'd rather do that than trust a security relevant tool I downloaded from somewhere), though AIDE is really great in its functionality and it would be really nice if doing so would be possible.

Kind regards and all the best

David
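
An added illustration of the "hash files with your own script" approach mentioned above (example code written for this thread, not AIDE's and not part of Qubes OS; the function names are hypothetical): it records a SHA-256 digest plus the metadata AIDE also tracks for every regular file under a root, then diffs a fresh scan against the stored baseline and reports added, removed and changed files with the attributes that differ. The demo builds a constructed sample tree in a temporary directory and tampers with it.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path
# Added example, not AIDE's code: a hand-rolled baseline/check in the spirit of
# AIDE, hashing every regular file plus the metadata AIDE also records.
def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (relative path) to hash + metadata."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)          # lstat: never follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue                 # skip symlinks, sockets, devices
            baseline[os.path.relpath(full, root)] = {
                "sha256": sha256_of(full), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid, "mtime": int(st.st_mtime)}
    return baseline

def compare(baseline, current):
    """Report added and removed files, and which attributes changed."""
    changed = {p: sorted(k for k in baseline[p] if baseline[p][k] != current[p][k])
               for p in baseline.keys() & current.keys()}
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": {p: d for p, d in changed.items() if d}}

def demo():
    """Constructed sample tree: baseline it, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("etc/hosts", b"127.0.0.1 localhost\n"),
                          ("etc/motd", b"welcome\n"), ("bin/tool", b"#!/bin/sh\n")):
            Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(root, rel).write_bytes(data)
        base = build_baseline(root)
        Path(root, "etc/hosts").write_bytes(b"127.0.0.1 localhost\n10.0.0.1 tampered\n")  # content
        os.chmod(Path(root, "bin/tool"), 0o755)                                           # mode
        Path(root, "etc/motd").unlink()                                                   # removed
        Path(root, "bin/extra").write_bytes(b"new\n")                                     # added
        return compare(base, build_baseline(root))
```

The baseline only helps if it is taken before the system can be tampered with and is stored (ideally signed) where the checked system cannot rewrite it, which is the same trust question the thread raises for the AIDE package itself.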

Andrew David Wong

Nov 6, 2016, 9:53:55 PM11/6/16
to David Renz, qubes-users

On 2016-11-05 01:32, David Renz wrote:
> Hello everyone,
>
> currently I don't have QubesOS installed unfortunately, so I can't check this by myself, and it might take some time until I'll be able to install it, therefore I'm asking about this on the list:
> I think that AIDE is the most sophisticated tool for checking file system integrity (and I believe that this approach might be one of the best in order to see whether a system got compromised or not), but obviously it could render this approach useless, if one would first have to go online after having installed QubesOS and then AIDE from a repo, which might be compromised. Therefore my question: Is AIDE included in the Fedora installation iso, so that those security issues could be circumvented?
>

Do you want it in dom0 or in domUs (or both)? Which package would you like us to check for?

> By the way, doing so should not only be done before going online for the first time, but already before the system restarts after its installation (because otherwise ACPI or other firmware code might compromise the system during the first boot process).
>
> If it's not included in the installation iso, then I'd strongly suggest that it should be added. (The second best solution would be to download it and pray that this download is not compromised (probably I don't need to mention that there are various ways to compromise this download without someone being able to notice that), but actually that doesn't even sound like a 'second best', but a rather careless approach.)
>

This shouldn't be an issue, since the packages you download should be PGP-signed.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

raah...@gmail.com

Nov 6, 2016, 11:07:43 PM11/6/16
to qubes-users, ad...@lunix-os.de

You just install the package like on any other Linux.

I still like tripwire the best, even though the open-source version is so outdated. Some more modern solutions are OSSEC or Samhain, but they are more like Windows-type all-in-one solutions and might be considered bloated.

raah...@gmail.com

Nov 6, 2016, 11:11:30 PM11/6/16
to qubes-users, ad...@lunix-os.de, raah...@gmail.com

When using these types of programs on Qubes though I found it too noisy and pointless. Just for dom0 might not be a bad idea. Just routinely wipe your other vms at the slightest anomaly haha. It's so easy in Qubes.

raah...@gmail.com

Nov 6, 2016, 11:12:02 PM11/6/16
to qubes-users, ad...@lunix-os.de, raah...@gmail.com

I end up deleting the sys-net vm a lot.
