I looked around for a solution to check an installed PureOS/Debian system against given repositories.
The checking should be done by starting a program/script in a rescue system that has access to the filesystem(s) of the system to be checked (boot from cd, boot from usb, connect hard drive to a trusted computer, etc.).
- should be startable from a boot-cd or boot-usb
- gives back a status for all files on a given directory tree which contains a debian / pureos system
- status of each file is either known good, config file changed, known bad, unknown
- compares files to content of given repositories
- should not rely on data that has been gathered ahead of checking (like e.g. tiger package or debsums)
File status explanation:
- known good: the file is owned by a package and is binary equal to the file(s) from the repositories
- config file changed: the file is owned by a package and known as a config file and has been changed
- known bad: the file is owned by a package, is not a config file and binary differs at least to the file download from one repository
- unknown: file is not owned by a package (and should probably be checked by other means)
I didn’t find anything with this functionality. Does anybody know some software which can do this?