Date: Fri, 9 Aug 2002 23:11:33 +0100 From: Tony Finch <dot@dotat.at> To: freebsd-hackers@freebsd.org Cc: dot@dotat.at Subject: using mtree as tripwire Message-ID: <20020809231133.D1697@chiark.greenend.org.uk>
next in thread | raw e-mail | index | archive | help
I've been playing around with using mtree as a lightweight replacement for tripwire, and it seems to work quite nicely. There are a few bits and pieces: (1) a patch to make the -X exclude-file facility slightly more flexible and easy-to-manage; (2) a script for creating the mtree spec file containing all of the checksums; and (3) an /etc/periodic/security script to do the mtree checksum comparison with reality. I've parametrized (3) with a command for obtaining the spec file, for people who keep it on a remote machine etc. so obviously (2) should have a corresponding option. I suppose it could get it from periodic.conf but that's a bit ugly since it isn't a periodic script. Does anyone have any better ideas? I'd also like to optionally run (2) as part of the installworld process, and maybe include it as part of the standard distribution. I'm currently keeping the file in /var/db/; I'm not sure whether or not that's better than /etc/mtree/ -- it's over 7MB on my machine which is probably an important consideration. The patch to mtree and some of the scripts can be found at http://people.FreeBSD.org/~fanf/FreeBSD/ Tony. -- f.a.n.finch <dot@dotat.at> http://dotat.at/ SOUTH FITZROY: WESTERLY VEERING NORTHWESTERLY 4 OR 5, OCCASIONALLY 6 AT FIRST. RAIN OR DRIZZLE AT TIMES. GOOD OCCASIONALLY MODERATE. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020809231133.D1697>