
Re: [Help-bash] bash suitable for parsing big files?


From: adrelanos
Subject: Re: [Help-bash] bash suitable for parsing big files?
Date: Fri, 13 Sep 2013 04:33:28 +0000

Matthew Cengia:
>>> Ultimately, it comes down to "What are you really trying to do?"
>>
>> Imagine you are using $linux-distribution on hdd and you want to check
>> the integrity of your system. You're booting from USB or DVD, which
>> you assume to be clean of backdoors, while you're not so sure your hdd
>> contains a backdoor.
>>
>> The script I am writing looks at what files are installed, downloads the
>> package from $linux-distribution's repositories and compares them with
>> the ones on the disk. Finally, it reports which were modified and which ones
>> could not be verified (because they are not in a package, auto generated
>> files, etc.). [And more.] I am doing such a thing, just not to verify a
>> hdd, but to verify a virtual machine image.
>>
>> Code:
>> https://github.com/Whonix/Whonix/blob/master/release/verify_build#L187
>>
>> Function:
>> parse_dpkg_status_file
>>
> This is what debsums is for: 
> http://packages.debian.org/search?keywords=debsums

debsums is a fine tool, but not the right tool for this job. It's fine for
checking integrity, but not for checking for malware. It uses weak hash sums
and its manpage acknowledges "[...] is of limited use as a security
tool. [...]" It only works within the system and cannot work in another root
folder. (Well, you could use chroot, but then you would be using untrusted
binaries.) Debsums also lacks a feature to make a list of the files it
hasn't verified because they are not owned by any package.
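
The list of unverifiable files that the reply above asks for, as an added example that is not part of the original message or of Whonix's verify_build. It assumes the standard dpkg layout of per-package `*.list` files under `var/lib/dpkg/info`; the function names, the `/mnt/target` mount point and the sample root are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from verify_build. Run it from the trusted boot medium so
# that find, sort, cat, sed and comm are not binaries from the disk under test.
# Assumptions: ROOT/var/lib/dpkg/info/*.list holds one absolute path per line,
# and no file name contains a newline.
# Usage (hypothetical mount point): unowned_files /mnt/target

# owned_paths ROOT: every path claimed by some package, sorted.
owned_paths() {
    [ -d "$1/var/lib/dpkg/info" ] || { echo "no dpkg database under $1" >&2; return 1; }
    find "$1/var/lib/dpkg/info" -maxdepth 1 -type f -name '*.list' -exec cat {} + |
        LC_ALL=C sort -u
}

# present_paths ROOT: regular files and symlinks on disk, written as absolute
# paths inside ROOT so they compare directly against the .list entries.
present_paths() {
    (cd "$1" && find . -xdev \( -type f -o -type l \) -print) |
        sed 's|^\.||' | LC_ALL=C sort -u
}

# unowned_files ROOT: files on disk that no package claims. They cannot be
# compared against a downloaded package and need separate review.
unowned_files() {
    uf_tmp=$(mktemp -d) || return 1
    if owned_paths "$1" >"$uf_tmp/owned" && present_paths "$1" >"$uf_tmp/present"; then
        LC_ALL=C comm -23 "$uf_tmp/present" "$uf_tmp/owned"
        uf_rc=$?
    else
        uf_rc=1
    fi
    rm -rf "$uf_tmp"
    return "$uf_rc"
}

# make_sample_root DIR: constructed miniature root, for demonstration only.
make_sample_root() {
    mkdir -p "$1/var/lib/dpkg/info" "$1/bin" "$1/usr/local/bin" &&
    printf '/.\n/bin\n/bin/ls\n' >"$1/var/lib/dpkg/info/coreutils.list" &&
    : >"$1/bin/ls" && : >"$1/usr/local/bin/helper"
}
```

The dpkg database files themselves show up in the output, since no package owns them; they are exactly the kind of auto-generated file that has to be reviewed separately.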


