dpkg-paranoiaThis little program sets hook on pre-installing package. Itunpacks .deb file to /tmp/ and checks wether it satisfiesspecified rules (requirements of local policy). Alreadycreated rules include checks on:* setuid/setgid bit on executables* cron jobs* apparmor profiles* scripts those are executed on install/remove(preinst/postinst, prerm/postrm)* changing sysctl settings.Run "chmod a-x /etc/dpkg-paranoia.d/checkXXX" to disable checkXXX.If installation is launched in non-interactive mode and any ofabove checks is failed then installation fails.If installation is launched in interactive mode and any ofabove checks is failed then user is given a prompt what todo with this suspicious package.What it is and what it is not.------------------------------This is NOT an anti-virus or anti-malware or smth like that.Such type of program cannot guarantee 100% protection.Opposite, this program audits downloaded packages onmatching _concrete_ policies. It report admin that somepackage doesn't satisfy local rules and that it should beverified manually. E.g. in case of using nonnative distributionrepository (Ubuntu PPA or upstream) you are able to meetwith such situation. Some maintainers think that they mayadd their own repositories to repos list or add their PGPkeys to trusted list. Sometimes such actions are OK forsystem, however, admin should be noticed about them. Alsoadmin should know all system changes made by installedpackages: adding users through install scripts, sysctlsettings, etc.