Date: Mon, 8 Feb 2010 08:56:15 +1100
From: Peter Jeremy <peterjeremy@acm.org>
To: Pascal Stumpf <Pascal.Stumpf@cubes.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: Inmutable bit in some binaries
Message-ID: <20100207215615.GB4536@server.vk2pj.dyndns.org>
In-Reply-To: <201002061211.09140.Pascal.Stumpf@cubes.de>
References: <4B696D0B.3070301@minibofh.org> <201002061211.09140.Pascal.Stumpf@cubes.de>

On 2010-Feb-06 12:11:08 +0100, Pascal Stumpf <Pascal.Stumpf@cubes.de> wrote:
>just another idea: You may want to take a look at integrity checking systems
>as an alternative, i.e. tripwire.

Note that mtree(8) supports the integrity checking functionality of
tripwire and is in the base system.  (It doesn't have all the bells
and whistles of tripwire and so isn't suitable for all cases).

If you do go for an integrity checking system, remember to ensure that
everything that your integrity checking system relies on (ie executable,
database, shared libraries) is immutable - as well as the shell/cron
that runs it and however the results are reported.

-- 
Peter Jeremy
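
The advice above as an added example (not part of the original message): it records an mtree(8) baseline and then lists every file in the checking chain that does not carry the schg flag. The spec path, the choice of /usr/sbin/sendmail as the reporting path, and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Paths assume a stock FreeBSD
# layout; SPEC and the choice of mailer are hypothetical.
SPEC=/var/db/mtree.usr-sbin.spec   # hypothetical location of the mtree spec
CHAIN="/usr/sbin/mtree /bin/sh /usr/sbin/cron /usr/sbin/sendmail"

# Build the baseline once, then compare against it from cron:
#   mtree -c -K sha256digest -p /usr/sbin > "$SPEC"
#   mtree -f "$SPEC" -p /usr/sbin

# Print each binary plus every shared library ldd(1) resolves for it.
chain_files() {
    for bin in "$@"; do
        echo "$bin"
        ldd "$bin" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// { print $3 }'
    done | sort -u
}

# Read `ls -lo` output on stdin and print the paths whose flags column
# (field 5: mode, links, owner, group, flags) does not include schg.
missing_schg() {
    awk 'NF >= 10 && ("," $5 ",") !~ /,schg,/ { print $10 }'
}

# Constructed `ls -lo` listing for illustration (not real output).
sample_listing() {
    cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg 48112 Feb  1 09:00 /usr/sbin/mtree
-r-xr-xr-x  1 root  wheel  schg,nodump 147128 Feb  1 09:00 /bin/sh
-r-xr-xr-x  1 root  wheel  - 44520 Feb  1 09:00 /usr/sbin/cron
-r--r--r--  1 root  wheel  nodump 1628968 Feb  1 09:00 /lib/libc.so.7
-rw-r--r--  1 root  wheel  - 90211 Feb  1 09:05 /var/db/mtree.usr-sbin.spec
EOF
}

# On a live system: list every link in the chain that is still mutable.
audit_chain() {
    # Word splitting of the file list is intended here.
    ls -lo $(chain_files $CHAIN) "$SPEC" | missing_schg
}

# Fix what audit_chain reports with: chflags schg <file>
```

Running `sample_listing | missing_schg` shows the parsing on the constructed listing; `audit_chain` is the call to use on a FreeBSD host.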