From owner-freebsd-current Wed Apr 5 18:26:15 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
        id SAA07508 for current-outgoing; Wed, 5 Apr 1995 18:26:15 -0700
Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.cdrom.com
        (8.6.10/8.6.6) with ESMTP id SAA07502 ; Wed, 5 Apr 1995 18:26:13 -0700
Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr
        (8.6.12/jtpda-5.0) with ESMTP id DAA11152 ; Thu, 6 Apr 1995 03:26:10 +0200
Received: from (roberto@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0)
        id DAA11619 ; Thu, 6 Apr 1995 03:26:10 +0200
From: roberto@blaise.ibp.fr (Ollivier Robert)
Message-Id: <199504060126.DAA11619@blaise.ibp.fr>
Subject: Re: "Cookbook" for security.
To: jkh@freefall.cdrom.com (Jordan K. Hubbard)
Date: Thu, 6 Apr 1995 03:26:09 +0200 (MET DST)
Cc: current@freefall.cdrom.com
In-Reply-To: <15076.797078123@freefall.cdrom.com> from "Jordan K. Hubbard" at Apr 5, 95 03:35:23 am
X-Operating-System: FreeBSD 2.1.0-Development ctm#480
X-Mailer: ELM [version 2.4 PL23beta2]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 788
Sender: current-owner@FreeBSD.org
Precedence: bulk

> extracting these extra flags ANYWAY, we might as well make a virtue of
> a vice and go "cookbook" style on it, where some central well-known
> file contains information that can be used to apply the flags in
> question after the system is installed. For that matter, the file can
> also contain MD5 checksums so that you can verify that all the
> "important" files have not been changed from the release copies.
> Needless to say, the "cookbook" file should be highly immutable itself
> in these cases :-).

Check Tripwire from Gene Spafford and ???. It does exactly that with 5 or
more "checksums" including md5, snefru, SHA, and so on.
-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@FreeBSD.ORG
FreeBSD keltia 2.1.0-Development #7: Thu Mar 23 00:28:31 MET 1995
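
Added example, not part of the original message and not Tripwire's code: a small manifest check in the spirit of the "cookbook" file quoted above, recording more than one digest per file as the reply describes. The manifest format, the function names and the choice of MD5 plus SHA-256 are assumptions made for this illustration; the sample files are constructed.

```python
import hashlib
import os
import tempfile
DIGESTS = ("md5", "sha256")  # assumption: two digests recorded per file

def file_digests(path, algos=DIGESTS):
    """Hash a file once, feeding every requested digest from the same read."""
    hashers = [hashlib.new(a) for a in algos]
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for h in hashers:
                h.update(chunk)
    return {a: h.hexdigest() for a, h in zip(algos, hashers)}

def build_manifest(paths):
    """One line per file: path<TAB>algo=hex<TAB>algo=hex (hypothetical format)."""
    rows = ["\t".join([p] + [f"{a}={v}" for a, v in file_digests(p).items()])
            for p in sorted(paths)]
    return "\n".join(rows) + "\n"

def verify_manifest(text):
    """Return {path: 'ok' | 'missing' | 'changed:<digests that differ>'}."""
    status = {}
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        path, *fields = line.split("\t")
        want = dict(f.split("=", 1) for f in fields)
        if not os.path.isfile(path):
            status[path] = "missing"
            continue
        got = file_digests(path, tuple(want))  # recompute only recorded digests
        bad = [a for a in want if got[a] != want[a].lower()]
        status[path] = "ok" if not bad else "changed:" + ",".join(bad)
    return status

def demo():
    """Constructed sample: three stand-in files, one altered, one removed."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, n) for n in ("login", "su", "passwd")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"release copy of " + os.path.basename(p).encode())
        manifest = build_manifest(paths)   # taken at "install time"
        with open(paths[1], "ab") as f:    # su is modified afterwards
            f.write(b"\x90")
        os.remove(paths[2])                # passwd disappears
        return {os.path.basename(p): s for p, s in verify_manifest(manifest).items()}

if __name__ == "__main__":
    print(demo())
```

As the quoted text notes, the check is only as trustworthy as the manifest itself, so the manifest has to be kept where it cannot be rewritten along with the files it describes.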