Date: Wed, 14 Jan 2004 10:27:55 -0800 From: Gregory Neil Shapiro <gshapiro@freebsd.org> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: mtree vs tripwire Message-ID: <20040114182755.GX50342@horsey.gshapiro.net> In-Reply-To: <20040114182154.GA22444@sheol.localdomain> References: <20040114134215.GA21307@sheol.localdomain> <20040114180931.GA17074@miracle.mongers.org> <20040114182154.GA22444@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
> Is your reply from personal experience, or is it the same "Hey, it > could..." as is my question? If the former, would you elaborate on the > implementation details? I use: mtree -K sha1digest -c -X mtree.exclude -p / > mtree.out where mtree.exclude is: ./home ./mnt ./proc ./tmp ./var/account ./var/backups ./var/db ./var/imap ./var/lock ./var/log ./var/mail ./var/run ./var/spool ./var/tmp Although I am sure there is a better way to do it with mtree, to see if something has changed, I repeat the process and diff the output.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040114182755.GX50342>