Date: Wed, 14 Jan 2004 11:17:22 -0800 (PST)
From: Dorin H <bj93542@yahoo.com>
To: hawkeyd@visi.com
Cc: freebsd-security@freebsd.org
Subject: Re: mtree vs tripwire
Message-ID: <20040114191722.88525.qmail@web12606.mail.yahoo.com>
In-Reply-To: <20040114134215.GA21307@sheol.localdomain>

--- D J Hawkey Jr <hawkeyd@visi.com> wrote:
> Hi all.
>
> This might seem really naive, but can mtree be used effectively as
> a native-to-core-OS tripwire equivalent? Would it be as efficient in
> terms of time-to-run and resource requirements?

Theoretically, and practical for small configurations, yes.

> What sort of pitfalls should I be aware of?

IMHO, you can use any tool you want to compute some "signature" for
files you deem relevant. But you have to carefully consider the
scalability problem, the problem of false/negatives (how you/your
program deal with a modified file? bin/config/data/tmp file) and so on.

Tripwire (correct me if I am wrong, but last time I looked it was still
to be updated in FreeBSD, focus was on "aide") is a targeted tool that
helps with the information management... probably bloated :). Like any
tool, it is up to you to decide what's useful or not ;)

HTH,
/Dorin.

> Has anyone here done this? If so, would you care to share your
> scripts/techniques?
>
> Thanks,
> Dave
>
> --
> D. J. HAWKEY JR.
> hawkeyd@visi.com
> http://www.visi.com/~hawkeyd/