mtree vs tripwire

Dorin H bj93542 at yahoo.com
Wed Jan 14 11:17:24 PST 2004


--- D J Hawkey Jr <hawkeyd at visi.com> wrote:
> Hi all.
> 
> This might seem really naive, but can mtree be used effectively as
> a native-to-core-OS tripwire equivalent? Would it be as efficient in
> terms of time-to-run and resource requirements?
> 
Theoretically, and practically for small configurations,
yes.

> What sort of pitfalls should I be aware of?
> 

IMHO, you can use any tool you want to compute some
"signature" for files you deem relevant.  But you have
to carefully consider the scalability problem, the
problem of false/negatives (how you/your program deal
with a modified file? bin/config/data/tmp file) and so
on. Tripwire (correct me if I am wrong, but last time
I looked it was still to be updated in FreeBSD, focus
was on "aide") is a targeted tool that helps with the
information management... probably bloated :). Like
any tool, it is up to you to decide what's useful or
not ;)
HTH,
/Dorin.

> Has anyone here done this? If so, would you care to share your
> scripts/techniques?
> 
> Thanks,
> Dave
> 
> -- 
>   ______________________                         ______________________
>   \__________________   \    D. J. HAWKEY JR.   /   __________________/
>      \________________/\     hawkeyd at visi.com    /\________________/
>                       http://www.visi.com/~hawkeyd/
> 
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
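
Added example, not part of the original message and not mtree itself: a small Python stand-in for the baseline-and-compare approach discussed in this thread, showing one way to treat a changed file differently depending on whether it is a bin, config or tmp file. The POLICY prefixes, the action names and the sample tree are assumptions constructed for illustration.

```python
import hashlib, os, tempfile

# Hypothetical policy (an assumption): path prefix -> handling of a change.
POLICY = [("bin/", "alert"), ("etc/", "review"), ("tmp/", "ignore")]

def snapshot(root):
    """Map each regular file's relative path to (sha256, permission bits)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlink targets are out of scope for this sketch
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (digest, os.lstat(full).st_mode & 0o7777)
    return snap

def classify(rel):
    """First matching prefix wins; unknown locations default to review."""
    return next((act for pre, act in POLICY if rel.startswith(pre)), "review")

def compare(baseline, current):
    """Return (action, change, path) tuples, dropping paths marked ignore."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if baseline.get(rel) == current.get(rel):
            continue
        change = ("added" if rel not in baseline
                  else "missing" if rel not in current else "modified")
        if classify(rel) != "ignore":
            findings.append((classify(rel), change, rel))
    return findings

def demo():  # constructed sample tree: baseline it, tamper with it, compare
    def put(root, rel, body):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    with tempfile.TemporaryDirectory() as root:
        for rel, body in [("bin/ls", b"v1"), ("etc/rc.conf", b"a=1"), ("tmp/x", b"t")]:
            put(root, rel, body)
        base = snapshot(root)
        for rel, body in [("bin/ls", b"v2"), ("bin/sh", b"new"), ("tmp/x", b"tt")]:
            put(root, rel, body)
        os.remove(os.path.join(root, "etc", "rc.conf"))
        return compare(base, snapshot(root))
```

In real use the baseline has to be stored where the monitored host cannot rewrite it, otherwise a comparison proves nothing.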



