From owner-freebsd-security Mon Dec 16 11:40:36 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id LAA27410 for security-outgoing; Mon, 16 Dec 1996 11:40:36 -0800 (PST) Received: from service.esys.ca (root@service.esys.ca [141.118.1.124]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id LAA27405 for ; Mon, 16 Dec 1996 11:40:30 -0800 (PST) Received: from monet.esys.ca by service.esys.ca with smtp (Smail3.1.28.1 #1) id m0vZiwX-000UlmC; Mon, 16 Dec 96 12:43 MST Received: from cezanne.esys.ca by monet.esys.ca with smtp (Smail3.1.28.1 #6) id m0vZixN-000RZVC; Mon, 16 Dec 96 12:44 MST From: Lyndon Nerenberg To: adrian@virginia.edu cc: freebsd-security@freebsd.org, Don Lewis Subject: Tripwire database for release tree In-Reply-To: Message-ID: Date: Mon, 16 Dec 1996 12:44:09 -0700 (MST) Priority: NORMAL X-Mailer: Simeon for Hpux Motif Version 4.1 Beta 3 X-Authentication: none MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 10 Dec 1996 10:19:54 -0500 (EST) "Adrian T. Filipi-Martin" wrote: > This reminds me, has anyone considered getting a precomputed list > of MD5 signatures for all precompiled system binaries onto the > distribution CDs? While it would not necessarily help those who recompile > world, it would still be a handy time saver. I suppose even the scripts > to make and compare the MD5 checksums would be handy as part of the > system. I've been promising to do this for the better part of a year now. The plan was to include tripwire in the ports collection, and build a precomputed database corresponding to the release binaries that would be included on the CDROM. You could them run tripwire against the CD database to look for altered files. I will see if I can free up a couple of days over the Xmas holidays to complete this work. --lyndon