Date: Fri, 12 Jul 2002 09:55:41 -0500 (CDT)
From: hawkeyd@visi.com (D J Hawkey Jr)
Reply-To: hawkeyd@visi.com
To: freebsd-security@freebsd.org
Subject: Re: Recommendations for filesystem integrity checkers?
Message-Id: <200207121455.g6CEtfi78331@sheol.localdomain>
References: <20020712065459.GA24030_lupe-christoph.de@ns.sol.net> <3D2EC5A9.2070305_rambo.simx.org@ns.sol.net>
In-Reply-To: <3D2EC5A9.2070305_rambo.simx.org@ns.sol.net>

In article <3D2EC5A9.2070305_rambo.simx.org@ns.sol.net>,
listsub@rambo.simx.org writes:
> Lupe Christoph wrote:
>> Hi!
>>
>> Which filesystem integrity checkers do people use? I've found ports
>> for aide, cksfv, integrit, l5, three versions of tripwire and yafic.
>> (Feel free to point me to the ones I overlooked.) I did not find
>> ports for fcheck and samhain (found on Debian).
>>
>> Since I don't have the time to assess them all, I would like to
>> tap the collective experience of the FreeBSD security people.
>>
>> So which do you use, and why?
>>
>> Thanks for your time,
>> Lupe Christoph
>
> Personally, I use aide. It's lightweight, easy to configure and
> automate via scripts and it does exactly what I want it to do.

Doesn't mtree(8) fulfill the task? I have yet to try it. The nice thing -
if it suits - is that it's part of the base OS.

I've had good results with Tripwire, but setting the attributes for
"dynamic" directories (/var/log in particular) took a little
head-scratching.
http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
was a great aid.

> R

Dave

-- 
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"