From: Robert Ayrapetyan
To: freebsd-security@freebsd.org
Subject: Re: verify FreeBSD installation
Date: Wed, 24 Feb 2016 21:38:46 -0800
Message-ID: <56CE9366.7050302@gmail.com>

Thanks everyone!

On 02/24/16 09:04, Roger Marquis wrote:
>> Hi. Is there any reliable way to verify checksums of all local files
>> for some FreeBSD installation? E.g. I'm using a hoster which provides
>> pre-deployed FreeBSD instances, how can I be sure there are no
>> patches\changes in a kernel\services etc?
>
> At the filesystem-level there's security/integrit which we use with a
> wrapper script for readable reports. Integrit replaced tripwire when
> that company moved away from FOSS.
>
> From the configuration-level there's 'pkg info', 'sysrc -a', 'ipfw sh',
> ... and of course the parsed output from /var/log/* to add real-time
> monitoring.
>
> I also recommend supplementing these tools with revision tracking for
> anything host-specific and non-binary such as /etc/periodic/*/* and
> /etc/rc.*. RCS works well for this on the localhost-level. On a large
> scale ansible is my tool of choice for pulling this information from any
> number of hosts into hg or git from which deltas and other reports can be
> easily generated.
>
> If you manage a large number of hosts and are interested in helping to
> pull all of these tools into a pkg/port let me know.
>
> Roger
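
The filesystem-level check discussed in this thread (checksums plus ownership and permissions, compared against a stored baseline), as an added example that is not part of the original messages and is not integrit's code. The function names and the JSON baseline format are assumptions made here; it also assumes the baseline was recorded from a state you trust and is kept off the host being checked.

```python
import hashlib, json, os, stat, sys

FIELDS = ("type", "mode", "uid", "gid", "content")

def sha256_file(path, bufsize=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each path under root to (type, mode, uid, gid, content digest)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                      # never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                kind, digest = "link", os.readlink(path)   # record the target
            elif stat.S_ISREG(st.st_mode):
                kind, digest = "file", sha256_file(path)
            else:                                    # dirs, devices, FIFOs: metadata only
                kind, digest = ("dir" if stat.S_ISDIR(st.st_mode) else "other"), ""
            manifest[os.path.relpath(path, root)] = (
                kind, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, digest)
    return manifest

def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> differing fields."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in set(baseline) & set(current):
        diff = [f for f, old, new in zip(FIELDS, baseline[path], current[path]) if old != new]
        if diff:
            changed[path] = diff
    return added, removed, changed

if __name__ == "__main__":               # usage: script ROOT BASELINE.json
    root, baseline_path = sys.argv[1:3]
    current = snapshot(root)
    if os.path.exists(baseline_path):    # baseline present: report drift
        with open(baseline_path) as f:
            print(compare(json.load(f), current))
    else:                                # first run: record the baseline
        with open(baseline_path, "w") as f:
            json.dump(current, f)
```

Run it as root so every file is readable; a manifest recorded on an image the hoster has already deployed only detects later drift, not changes made before the baseline was taken.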