Date:      Thu, 1 Jun 2000 11:41:58 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Robert Gash <gashalot@gashalot.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Recommendations for alternative tripwire options
Message-ID:  <200006011541.LAA37965@khavrinen.lcs.mit.edu>
In-Reply-To: <Pine.LNX.4.21.0005312208000.32087-100000@raq.tabernae.com>
References:  <Pine.LNX.4.21.0005312208000.32087-100000@raq.tabernae.com>


<<On Wed, 31 May 2000 22:15:08 -0400 (EDT), Robert Gash <gashalot@gashalot.com> said:

> Has anyone found any decent systems like tripwire available under the GNU
> GPL?

You are asking this on a FreeBSD mailing-list?

In any event, try (in 5-current and 4-stable):

	# mtree -ciK md5digest,sha1digest,ripemd160digest -p / \
	> >my.file.list

To check, use:

	# mtree -p / <my.file.list

You will probably find a significant number of files which are
expected to change; you'll want to list these in a separate file and
regenerate the list using the `-X' option.  (You'll then also want to
check the list using the same option.)  At some point, I'll try to
come up with a list which could serve as a starting point.

Here is an example of what the specification file looks like:

#	   user: wollman
#	machine: khavrinen.lcs.mit.edu
#	   tree: /
#	   date: Thu Jun  1 11:36:55 2000

# .
/set type=file uid=0 gid=0 mode=0755 nlink=1
.               type=dir nlink=24 size=1024 time=958576737.0
    .cshrc          mode=0644 nlink=2 size=653 time=958576718.0 \
                    md5digest=7f38e672eedf928898b502e591f00c50 \
                    sha1digest=a2bf06ffb1c8478fdf898e6b748c4f48f2fa8b72 \
                    ripemd160digest=24e07e45d56f8b7eafdc48e7063f21ac2aa4de62
    .profile        mode=0644 nlink=2 size=251 time=948741779.0 \
                    md5digest=5cda7079d26225afa62d327ed5675cc5 \
                    sha1digest=efb1d360dc4643341466976cfaa009324a7f713b \
                    ripemd160digest=7449907dda3d6ed151c1aa5ebe697ff3ace61454
[...]
    kernel          mode=0555 size=2397703 time=958575176.0 \
                    md5digest=386cabf8174df13f02c447f0481723dc \
                    sha1digest=6e599333455b1bd469a23ac1ea0aa7675d4cb0b2 \
                    ripemd160digest=885928f0e37675bbe2bf1277b06ca743576265d4 \
                    flags=schg

[rest of the specification deleted]

-GAWollman
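
The comparison that the check step performs on the specification format shown above can be sketched as follows. This is an added example, not part of the original message and not mtree's own code. It parses only the subset of the format visible in the excerpt (`/set` defaults, backslash continuations, directory nesting, `..`); the function names, the sample specs with their placeholder digests, and the simplified `-X`-style exclusion matching are assumptions.

```python
import fnmatch

def parse_spec(text):
    """Parse mtree(8) specification text into {path: {keyword: value}}."""
    entries, defaults, stack, pending = {}, {}, [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):            # continuation: join with the next line
            pending += line[:-1] + " "
            continue
        words, pending = (pending + line).split(), ""
        name, kws = words[0], dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if name == "/set":                 # defaults for the entries that follow
            defaults.update(kws)
        elif name == "..":                 # leave the current directory
            stack = stack[:-1]
        else:
            attrs = {**defaults, **kws}
            entries["/".join(stack + [name])] = attrs
            if attrs.get("type") == "dir":
                stack.append(name)
    return entries

def compare(baseline, current, exclude=()):
    """Differences as (path, status, changed_keywords), skipping excluded paths."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        base = path.rsplit("/", 1)[-1]     # a pattern without '/' matches the basename
        if any(fnmatch.fnmatchcase(path if "/" in p else base, p) for p in exclude):
            continue
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            report.append((path, "extra" if old is None else "missing", []))
        elif old != new:
            changed = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
            report.append((path, "changed", changed))
    return report

# Constructed sample specs; the digests are placeholders, not real hashes.
BASELINE = """/set type=file uid=0 gid=0 mode=0755 nlink=1
.  type=dir nlink=24
    kernel  mode=0555 size=2397703 \\
            md5digest=aaaa flags=schg
    messages  mode=0644 size=100 md5digest=bbbb"""
CURRENT = BASELINE.replace("aaaa flags=schg", "cccc").replace("bbbb", "dddd")
print(compare(parse_spec(BASELINE), parse_spec(CURRENT), exclude=["messages"]))
```

With the log file excluded, the only finding left is the kernel entry, whose digest changed and whose `schg` flag is no longer present.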


