Date: Sat, 16 Sep 2000 21:21:32 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: cjclark@alum.mit.edu Cc: "Jason C. Wells" <jcwells@nwlink.com>, freebsd-chat@FreeBSD.ORG Subject: Re: Tripwire vs. Mtree Message-ID: <Pine.BSF.4.21.0009162119250.4662-100000@freefall.freebsd.org> In-Reply-To: <20000915161430.A97377@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Sep 2000, Crist J . Clark wrote:
> On Fri, Sep 15, 2000 at 02:06:03PM -0700, Jason C. Wells wrote:
> > On Fri, 15 Sep 2000, Kris Kennaway wrote:
> >
> > > Well, thats not a fundamental problem - you can trivially link mtree
> > > statically. Basically, I think mtree can do everything tripwire can,
> > > but it's a raw tool, not a ready-to-use product and you will have to do
> > > a bit of scripting to use it like that.
> >
> > I have never implemented any type of integrity checking. I know mtree
> > runs on installworld but thats about it.
> >
> > I think I am going to give it a go with the native tool. I do recall the
> > database format as being rather terse. Perhaps user issues will steer me
> > toward tripwire.
>
> >From a quick review of the mtree(8) manpage and from experience with
> tripwire, I see just a few capabilities that tripwire has that mtree
> does not. mtree does not seem to have the capability to check inode
> number. mtree only can check modification time. There is no facility
> to check creation time or access time.
>
> But to be honest, I never realized mtree was as powerful as it is. The
> fact that the file specification info is quite human readable would
> make doing detailed modifications easy, and that can be awkward in the
> tripwire configuration file. However, scripting to build the basis of
> a specification file for mtree that will not be extremely labor
> intensive to tweek is a non-trivial job.
mtree can scan an existing filesystem to generate the specification file -
see the -c option.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009162119250.4662-100000>