Date: Mon, 13 Aug 2018 10:50:34 +1000 From: Aristedes Maniatis <ari@ish.com.au> To: freebsd-stable <freebsd-stable@freebsd.org> Subject: freebsd-update IDS: fixing errors Message-ID: <b8ddeb62-efd0-ffa2-ce9c-79ce9edb538f@ish.com.au>
next in thread | raw e-mail | index | archive | help
I'd like to use "freebsd-update IDS" as a simple intrusion check. I have a separate mechanism to test that freebsd-update itself hasn't been modified. However I get lots of lines like this: /usr/share/man/man4/if_ixgbe.4.gz has SHA256 hash 859cc19faf7a511755409aa143b24ccb2c998bbc99a5972d1d7aa70f37611a65, but should have SHA256 hash 5652698ae3834e8cfbb2d0e5a95fe7984a6656f0a6c792e88ea8f2c75873555e. Two questions: 1. What causes these mismatches? Does IDS not take into account minor updates or something else? 2. Is there a simple way to fix this that doesn't involve a system reinstall? Just unzip the FreeBSD tz files and copy over the relevant bits? Could that be added as a feature to the IDS command? Ari
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b8ddeb62-efd0-ffa2-ce9c-79ce9edb538f>