This little program installs a hook that runs before a package is installed. It unpacks the .deb file to /tmp/ and checks whether it satisfies the specified rules (the requirements of local policy). The existing rules check for:
* setuid/setgid bit on executables
* cron jobs
* apparmor profiles
* scripts that are executed on install/remove (preinst/postinst, prerm/postrm)
* changing sysctl settings.
What it is and what it is not.
This is NOT an anti-virus or anti-malware tool or anything like that. Programs of that type cannot guarantee 100% protection. By contrast, this program audits downloaded packages against _concrete_ policies. It reports to the admin that a package doesn't satisfy local rules and should be verified manually. You can run into this situation when, for example, using a repository that is not native to the distribution (an Ubuntu PPA or an upstream repository). Some maintainers think that they may add their own repositories to the repos list or add their PGP keys to the trusted list. Sometimes such actions are OK for the system; however, the admin should be notified about them. The admin should also know about all system changes made by installed packages: adding users through install scripts, sysctl settings, etc.
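The kind of check described above, as an added sketch that is not this program's own code: it walks an already unpacked package tree and reports every file that matches one of the listed rules, plus the repository and trusted-key additions mentioned in the last paragraph. The function name, rule labels and watched paths are assumptions chosen for illustration, and the tree is assumed to have the layout produced by `dpkg-deb -R`.

```python
import os
import stat
import sys

# Maintainer scripts that dpkg runs as root on install/remove.
MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")

# Path prefixes, relative to the package root, that the local policy flags.
# Assumed standard Debian/Ubuntu locations; extend to match your own policy.
WATCHED_PREFIXES = {
    "etc/crontab": "cron job",
    "etc/cron.": "cron job",  # cron.d, cron.daily, cron.hourly, ...
    "var/spool/cron/": "cron job",
    "etc/apparmor.d/": "apparmor profile",
    "etc/sysctl.conf": "sysctl setting",
    "etc/sysctl.d/": "sysctl setting",
    "etc/apt/sources.list": "apt repository",  # also covers sources.list.d/
    "etc/apt/trusted.gpg": "trusted apt key",  # also covers trusted.gpg.d/
}


def audit_unpacked(root):
    """Return sorted (rule, relative path) findings for an unpacked package.

    Assumes `dpkg-deb -R pkg.deb root` was used: the file system tree sits
    at the top level and the control files are under root/DEBIAN.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith("DEBIAN/"):
                if name in MAINTAINER_SCRIPTS:
                    findings.append(("maintainer script", rel))
                continue
            mode = os.lstat(full).st_mode  # lstat: do not follow symlinks
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append(("setuid", rel))
            if stat.S_ISREG(mode) and mode & stat.S_ISGID:
                findings.append(("setgid", rel))
            for prefix, rule in WATCHED_PREFIXES.items():
                if rel.startswith(prefix):
                    findings.append((rule, rel))
    return sorted(set(findings))


if __name__ == "__main__" and len(sys.argv) == 2:
    for rule, path in audit_unpacked(sys.argv[1]):
        print(f"{rule}: {path}")
```

A finding here only means the package touches something the policy cares about; the flagged file or script still has to be read by the admin.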
If you are interested, download this script from here, give it executable permission, and run it from your terminal.