From owner-freebsd-security@freebsd.org  Thu Feb 25 06:12:32 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2232EAB3289
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu, 25 Feb 2016 06:12:32 +0000 (UTC) (envelope-from terje@elde.net)
Received: from rand.keepquiet.net (keepquiet.net [144.76.43.178])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "keepquiet.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E32601335
 for <freebsd-security@freebsd.org>; Thu, 25 Feb 2016 06:12:31 +0000 (UTC)
 (envelope-from terje@elde.net)
Received: from [10.130.11.109] (unknown [84.210.87.28])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 (Authenticated sender: terje@elde.net)
 by rand.keepquiet.net (Postfix) with ESMTPSA id AC3679D7;
 Thu, 25 Feb 2016 06:03:14 +0000 (UTC)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (1.0)
Subject: Re: verify FreeBSD installation
From: Terje Elde <terje@elde.net>
X-Mailer: iPhone Mail (13D20)
In-Reply-To: <56CD2EE3.5080009@gmail.com>
Date: Thu, 25 Feb 2016 07:03:05 +0100
Cc: freebsd-security@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <A6D06224-5502-4CAC-A88D-951E25466D51@elde.net>
References: <56CD2EE3.5080009@gmail.com>
To: Robert Ayrapetyan <robert.ayrapetyan@gmail.com>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 06:12:32 -0000



> On 24 Feb 2016, at 05:17, Robert Ayrapetyan <robert.ayrapetyan@gmail.com> w=
rote:
>=20
> Hi. Is there any reliable way to verify checksums of all local files for s=
ome FreeBSD installation? E.g. I'm using a hoster which provides pre-deploye=
d FreeBSD instances, how can I be sure there are no any patches\changes in a=
 kernel\services etc? Does FreeBSD provides any automated tools for such kin=
d of a verification?

Just a quick note; if you suspect malicious intent from a competent attacker=
 (your provider in this case), running an IDS-type check won't do. It's poss=
ible to use a kernel-module that omits itself when you're looking at the fil=
e system after boot for example, so it'd be invisible or look normal when ch=
ecking the filesystem.=20

Since you say "instance", I'm thinking probably VPS, in which case there nee=
ds to be a level of trust in the provider anyway, and this probably doesn't a=
pply to you. Just wanted to mention it quickly as an apropos.=20

Terje