1

I am managing a Debian 11 bullseye server and I want to register its ID inside a database filled with other IDs. I want the ID registered in the database to persist with the physical hardware (i.e. cannot be changed or spoofed by software). I have 3 contenders so far:

cat /etc/machine-id

This apparently has to do with the device's MAC address?? Which may be spoofed easily, so that will not persist (I may be wrong).

The next two have to do with product vendors and stuff:

cat /sys/class/dmi/id/board_serial
cat /sys/class/dmi/id/product_uuid

These have to do with the physical motherboard, so I guess it is more persistent? But again, I am not sure if these can be changed or not. Again, I am seeking for something that sticks to the hardware associated with it, and I have seen https://stackoverflow.com/questions/10152762/best-way-to-get-machine-id-on-linux. It is not what I want.

If none of the 3 mentioned above are correct, please tell me where I can cat the real ID! Hopefully this can be stored in a file somewhere. I do not want a cryptographic hash as a replacement.

VJZ
  • 119

1 Answers1

0

None of these are universal. MAC addresses are easily changed. I have a few servers where board_serial is None. I have other servers where product_uuid is identical on multiple systems. MAC is generally most often unique, you just have to assume that you don't have anybody malicious. /etc/machine-id can be changed at boot time. Essentially, if you don't trust the people with root you cannot get a unique id out of the system.

doneal24
  • 5,059
  • 1
    Is there some ID I am not aware of? It doesn't have to be constrained to my 3 options. – VJZ Mar 09 '22 at 16:44