Date: Tue, 19 Dec 2000 15:19:48 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: Guy Helmer <ghelmer@palisadesys.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Securing FreeBSD against hacking
Message-ID: <200012192019.PAA33368@khavrinen.lcs.mit.edu>
In-Reply-To: <Pine.LNX.4.21.0012191349360.739-100000@magellan.palisadesys.com>
References: <000e01c069e8$d30dccc0$f46fbdd1@pacex.net> <Pine.LNX.4.21.0012191349360.739-100000@magellan.palisadesys.com>

<<On Tue, 19 Dec 2000 14:00:32 -0600 (CST), Guy Helmer <ghelmer@palisadesys.com> said:

> Use mtree(8) to check the md5 hashes of your system's binaries against the
> original 4.2 release (I haven't tried it, but I believe you can run "mtree
> -K md5digest" and compare the results against the *.mtree files in the
> release).

You'd probably find that to be rather difficult and tedious, and
there's no reason to do such a comparison by hand since that function
is built in to mtree.  Just do `mtree -d /mnt/foo -f /rdonly/foo.mtree'.

After setting up a new system for the first time, I recommend doing a:

	mtree -c -i -x -p /file/system -k \
	size,flags,gid,md5digest,sha1digest,ripemd160digest,mode,nlink,uid,link,time

for every filesystem.  You might well want to use an excludes file for
directories containing files which are very likely to change.  For
example, a quick test showed me:

.: modification time (Tue Dec 19 15:10:20 2000, Tue Dec 19 15:11:34 2000)
dev/ttyp1: modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
dev/ptyp1: modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
dev/ttyp2: modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
dev/null: modification time (Tue Dec 19 15:05:54 2000, Tue Dec 19 15:11:03 2000)
tmp: modification time (Tue Dec 19 15:10:01 2000, Tue Dec 19 15:15:23 2000)

-GAWollman

-- 
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
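
Added example (not part of the original message): a small filter for mtree verification output in the one-line format shown in the quick test above, which hides changes under paths expected to churn so that the remaining lines stand out. The function name, the volatile-path list, and the bin/ls sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Triage mtree verification output of the form quoted in the message:
#   path: modification time (old, new)
# Assumed usage, with the message's paths:
#   mtree -f /rdonly/foo.mtree -p /mnt/foo | unexpected_changes

# Paths expected to change between runs (assumption, taken from the quick
# test in the message; adjust per system). Space separated.
VOLATILE='. dev tmp'

# Constructed sample: three lines in the message's format plus an invented
# bin/ls line standing in for a change that deserves attention.
SAMPLE='.: modification time (Tue Dec 19 15:10:20 2000, Tue Dec 19 15:11:34 2000)
dev/ttyp1: modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
bin/ls: modification time (Mon Nov 20 12:00:00 2000, Tue Dec 19 03:14:07 2000)
tmp: modification time (Tue Dec 19 15:10:01 2000, Tue Dec 19 15:15:23 2000)'

# unexpected_changes: read mtree output on stdin and print only the entries
# whose path is neither a volatile path nor located beneath one.
unexpected_changes() {
    awk -v vol="$VOLATILE" '
        BEGIN { n = split(vol, v, " ") }
        # Indented lines continue the previous entry; follow its verdict.
        /^[ \t]/ { if (show) print; next }
        {
            path = $0
            sub(/:[ \t].*$/, "", path)      # text before the first ": "
            show = 1
            for (i = 1; i <= n; i++) {
                # Exact match, or a path below a volatile directory. "." is
                # only the top directory itself, never a prefix, and "dev"
                # must not swallow a sibling such as "devious".
                if (path == v[i]) show = 0
                else if (v[i] != "." && index(path, v[i] "/") == 1) show = 0
            }
            if (show) print
        }'
}

# Run against the constructed sample; only the bin/ls line is printed.
printf '%s\n' "$SAMPLE" | unexpected_changes
```

Filtering the report this way keeps the volatile paths in the stored specification, so a later review can still inspect them if needed.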