Date: Sun, 22 Apr 2001 19:50:23 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Ragnar Beer <rbeer@uni-goettingen.de>, freebsd-security@FreeBSD.ORG
Subject: Re: Tripwire or the like for FreeBSD ?
Message-ID: <20010422195023.A924@mail.webmonster.de>
In-Reply-To: <200104202010.f3KKAQL13623@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Apr 20, 2001 at 01:10:08PM -0700
References: <p04330101b705a3fb8a10@[134.76.136.114]> <200104202010.f3KKAQL13623@cwsys.cwsent.com>

--HlL+5n6rz5pIUxbD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

i am using this simple script sitting in /opt/security/mtree/bin with
data in /opt/security/mtree/data.
it should be pretty self explanatory and i call it from
/etc/weekly.local in check mode.
comments and suggestions welcome.

/k

Cy Schubert - ITSD Open Systems Group(Cy.Schubert@uumail.gov.bc.ca)@2001.04.20 13:10:08 +0000:
> In message <p04330101b705a3fb8a10@[134.76.136.114]>, Ragnar Beer writes:
> > Has anybody looked at http://sourceforge.net/projects/tripwire/ ?
> > There's a GPL'd version (2.3.1-2) of Tripwire. I got the impression
> > that over mtree Tripwire has the advantage of a more finegrained
> > control.
>
> I'm currently whittling away on the upcoming Tripwire 2.3.1-2 port.
> The new port compiles and installs ok. The only thing left to complete
> is the creation of a default FreeBSD policy file, which in my
> estimation is about 20% complete.
>
>
> Regards,                         Phone:  (250)387-8437
> Cy Schubert                        Fax:  (250)387-5766
> Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
> Open Systems Group, ITSD, ISTA
> Province of BC
>
> >
> > Ragnar
> >
> > >Hopefully I am not being too dense, but what about the Tripwire-1.2 in the
> > >security ports?
> > >
> > >SM
> > >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
> Life is a sexually transmitted disease.
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
[Key] [KeyID---] [Created-] [Fingerprint-------------------------------------]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46

--HlL+5n6rz5pIUxbD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=mtreechk

#!/bin/sh
# mtree checker

# config
ME="mtreechk 0.1"
BASEDIR=/opt/security/mtree
BINDIR=${BASEDIR}/bin
DATADIR=${BASEDIR}/data
MASTER=${DATADIR}/master.mtree
EXCLUDE=${DATADIR}/exclude
SYSTEMROOT=/
CURDATE=`date +%Y%m%d%H%M%S`
CURFILE=${DATADIR}/current
MTREE=/usr/sbin/mtree
# -c writes a specification to stdout, -K adds the listed keywords to it
MTREEFLAGSWR="-cK uid,gid,mode,size,md5digest,sha1digest,ripemd160digest"
MTREEFLAGSRD=""
MTREEWR="${MTREE} -p ${SYSTEMROOT} -X ${EXCLUDE} ${MTREEFLAGSWR}"
MTREERD="${MTREE} -p ${SYSTEMROOT} -X ${EXCLUDE} ${MTREEFLAGSRD}"
RM="/bin/rm -f"
NICE="/usr/bin/nice -10"

# write mtree data to repo
write() {
	local DATAFILE NEWDATE
	DATAFILE="${MASTER}-${CURDATE}"
	echo "${ME}: ${MTREEWR}"
	echo "${ME}: write run starts @ ${CURDATE}"
	${NICE} ${MTREEWR} > "${DATAFILE}"
	# remember the timestamp of the latest master so check() can find it
	echo -n ${CURDATE} > ${CURFILE}
	NEWDATE=`date +%Y%m%d%H%M%S`
	echo "${ME}: write run ends @ ${NEWDATE}"
	return
}

# check the live fs against repo
# ${1}: optional spec FILE; without it the latest master is used
check() {
	local CURRENT DATAFILE ERR NEWDATE
	if [ "${1}" = "" ]
	then
		CURRENT=`cat ${CURFILE}`
		DATAFILE="${MASTER}-${CURRENT}"
	else
		DATAFILE=${1}
	fi
	echo "${ME}: ${MTREERD}"
	echo "${ME}: check run starts @ ${CURDATE}"
	# mtree reads the specification on stdin and exits non-zero on a mismatch
	${NICE} ${MTREERD} < "${DATAFILE}"
	ERR=${?}
	NEWDATE=`date +%Y%m%d%H%M%S`
	echo "${ME}: check run ends @ ${NEWDATE}"
	if [ ${ERR} = 0 ]
	then
		echo "${ME}: no diffs"
	else
		echo "${ME}: found differences, please check"
	fi
	return
}

# kill the repo
clobber() {
	echo "${ME}: resetting repository"
	${RM} ${MASTER}-* ${CURFILE}
}

# blurb
usage() {
	echo "${ME} - wrapper for automated file integrity checks"
	echo "syntax: ${0} command [parameter]"
	echo "commands: "
	echo " write        write out mtree for ${SYSTEMROOT}"
	echo " check        check latest integrity information on ${SYSTEMROOT}"
	echo " check FILE   check integrity information contained in FILE"
	echo " clobber      reset (KILL) the checksum repository"
	echo "submit your comments and patches: karsten@rohrbach.de"
	exit 1
}

CMD=${1}
case ${CMD} in
	write)
		write
		;;
	check)
		# hand the optional FILE parameter on to the function
		check "${2}"
		;;
	clobber)
		clobber
		;;
	*)
		usage
		;;
esac

--HlL+5n6rz5pIUxbD--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message