mtree vs tripwire
Dorin H
bj93542 at yahoo.com
Wed Jan 14 11:17:24 PST 2004
--- D J Hawkey Jr <hawkeyd at visi.com> wrote:
> Hi all.
>
> This might seem really naive, but can mtree be used effectively as
> a native-to-core-OS tripwire equivalent? Would it be as efficient in
> terms of time-to-run and resource requirements?
>
Theoretically, and practically for small configurations,
yes.
> What sort of pitfalls should I be aware of?
>
IMHO, you can use any tool you want to compute some
"signature" for files you deem relevant. But you have
to carefully consider the scalability problem, the
problem of false/negatives (how do you/your program deal
with a modified file? bin/config/data/tmp file) and so
on. Tripwire (correct me if I am wrong, but last time
I looked it was still to be updated in FreeBSD, focus
was on "aide") is a targeted tool that helps with the
information management... probably bloated :). Like
any tool, it is up to you to decide what's useful or
not ;)
HTH,
/Dorin.
> Has anyone here done this? If so, would you care to share your
> scripts/techniques?
>
> Thanks,
> Dave
>
> --
> ______________________
> ______________________
> \__________________ \ D. J. HAWKEY JR. /
> __________________/
> \________________/\ hawkeyd at visi.com
> /\________________/
> http://www.visi.com/~hawkeyd/
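The pitfall raised in the reply, how to treat a modified bin/config/data/tmp file, can be shown with a small baseline-and-compare sketch. This is an added example, not code from the thread and not mtree itself: the policy table, the path prefixes and the sample tree are assumptions constructed for illustration.

```python
import hashlib, os, pathlib, stat, tempfile

# Assumed policy (not from the thread): attributes that matter per file class.
POLICY = {"bin": {"sha256", "mode", "size"},  # any change is an alert
          "config": {"sha256", "mode"},       # edits need review
          "data": {"mode"},                   # content churns; watch permissions
          "tmp": set()}                       # never reported
RULES = [("bin/", "bin"), ("etc/", "config"), ("var/db/", "data"), ("tmp/", "tmp")]

def snapshot(root):
    """Map relative path -> attributes for every regular file under root."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256(pathlib.Path(full).read_bytes()).hexdigest()
                snap[os.path.relpath(full, root)] = {
                    "sha256": digest, "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}
    return snap

def compare(baseline, current):
    """Return (path, reason) findings; unclassified paths get the strictest class."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        cls = next((c for prefix, c in RULES if path.startswith(prefix)), "bin")
        old, new = baseline.get(path), current.get(path)
        if not POLICY[cls]:
            continue
        if old is None or new is None:
            findings.append((path, "added" if old is None else "missing"))
        else:
            changed = sorted(k for k in POLICY[cls] if old[k] != new[k])
            if changed:
                findings.append((path, "changed:" + ",".join(changed)))
    return findings

def demo():
    """Constructed tree: modify one file of every class, return what is reported."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/ls", "etc/rc.conf", "var/db/app.db", "tmp/scratch"):
            p = pathlib.Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("original")
        baseline = snapshot(root)
        for rel in baseline:
            pathlib.Path(root, rel).write_text("original, then modified")
        return compare(baseline, snapshot(root))
```

All four files are modified in `demo()`, but only the bin and config entries are reported; the baseline itself has to be stored where an intruder cannot rewrite it.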