Date:      Tue, 19 Dec 2000 15:19:48 -0500 (EST)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Guy Helmer <ghelmer@palisadesys.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Securing FreeBSD against hacking
Message-ID:  <200012192019.PAA33368@khavrinen.lcs.mit.edu>
In-Reply-To: <Pine.LNX.4.21.0012191349360.739-100000@magellan.palisadesys.com>
References:  <000e01c069e8$d30dccc0$f46fbdd1@pacex.net> <Pine.LNX.4.21.0012191349360.739-100000@magellan.palisadesys.com>

<<On Tue, 19 Dec 2000 14:00:32 -0600 (CST), Guy Helmer <ghelmer@palisadesys.com> said:

> Use mtree(8) to check the md5 hashes of your system's binaries against the
> original 4.2 release (I haven't tried it, but I believe you can run "mtree
> -K md5digest" and compare the results against the *.mtree files in the
> release).

You'd probably find that to be rather difficult and tedious, and
there's no reason to do such a comparison by hand since that function
is built into mtree.  Just do `mtree -d /mnt/foo -f /rdonly/foo.mtree'.

After setting up a new system for the first time, I recommend doing a:

mtree -c -i -x -p /file/system -k \
 size,flags,gid,md5digest,sha1digest,ripemd160digest,mode,nlink,uid,link,time

for every filesystem.  You might well want to use an excludes file
for directories containing files which are very likely to change.  For
example, a quick test showed me:

.:      modification time (Tue Dec 19 15:10:20 2000, Tue Dec 19 15:11:34 2000)
dev/ttyp1: 
        modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
dev/ptyp1: 
        modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
dev/ttyp2: 
        modification time (Tue Dec 19 15:10:25 2000, Tue Dec 19 15:15:26 2000)
dev/null: 
        modification time (Tue Dec 19 15:05:54 2000, Tue Dec 19 15:11:03 2000)
tmp:    modification time (Tue Dec 19 15:10:01 2000, Tue Dec 19 15:15:23 2000)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
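An added example, not the poster's code and not mtree itself: a small Python imitation of the workflow described in the message, namely taking a baseline spec with the posted keyword set (ripemd160 omitted because hashlib does not provide it on every build), honouring an excludes list such as tmp, and comparing the filesystem against the saved spec later. The tree, file contents and mtimes in demo() are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def _entry(path: Path) -> dict:
    """Record the keywords from the posted 'mtree -k' list that stat() exposes."""
    st = path.lstat()
    rec = {"type": "file" if stat.S_ISREG(st.st_mode) else "dir" if stat.S_ISDIR(st.st_mode) else "other",
           "size": st.st_size, "uid": st.st_uid, "gid": st.st_gid,
           "mode": stat.S_IMODE(st.st_mode), "nlink": st.st_nlink, "time": int(st.st_mtime)}
    if rec["type"] == "file":
        data = path.read_bytes()
        rec["md5digest"] = hashlib.md5(data).hexdigest()
        rec["sha1digest"] = hashlib.sha1(data).hexdigest()
    return rec

def build_spec(root: str, excludes=()) -> dict:
    """Like 'mtree -c -p root': one record per path below root, skipping any
    relative path under an excludes prefix (the role of an mtree excludes file)."""
    root_p, spec = Path(root), {}
    for p in sorted(root_p.rglob("*")):
        rel = p.relative_to(root_p).as_posix()
        if any(rel == e or rel.startswith(e + "/") for e in excludes):
            continue
        spec[rel] = _entry(p)
    return spec

def compare_spec(spec: dict, root: str, excludes=()) -> list:
    """Like 'mtree -f spec -p root': return (path, keyword, expected, actual) for every
    mismatch; keyword is 'missing' or 'extra' when a path exists on one side only."""
    current, diffs = build_spec(root, excludes), []
    for rel in sorted(set(spec) | set(current)):
        if rel not in current:
            diffs.append((rel, "missing", None, None))
        elif rel not in spec:
            diffs.append((rel, "extra", None, None))
        else:
            diffs.extend((rel, k, v, current[rel].get(k))
                         for k, v in spec[rel].items() if current[rel].get(k) != v)
    return diffs

def demo() -> list:
    """Constructed scenario: baseline a small tree, tamper with bin/ls, and write into
    the excluded tmp/ directory; only the bin/ls changes should be reported."""
    root = tempfile.mkdtemp()
    for rel, data in (("bin/ls", b"ls-binary-v1"), ("bin/sh", b"sh-binary-v1"), ("tmp/scratch", b"x")):
        p = Path(root, rel); p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data); os.utime(p, (1_000_000_000, 1_000_000_000))  # fixed mtime
    baseline = build_spec(root, excludes=("tmp",))
    Path(root, "bin/ls").write_bytes(b"ls-binary-trojaned")            # tampered binary
    os.utime(Path(root, "bin/ls"), (1_000_000_100, 1_000_000_100))
    Path(root, "tmp/junk").write_bytes(b"noise")                        # excluded churn
    return compare_spec(baseline, root, excludes=("tmp",))
```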


