mtree vs tripwire

Lowell Gilbert freebsd-security-local at be-well.ilk.org
Fri Jan 16 07:29:32 PST 2004


Gregory Neil Shapiro <gshapiro at freebsd.org> writes:

> > Is your reply from personal experience, or is it the same "Hey, it
> > could..." as is my question? If the former, would you elaborate on the
> > implementation details?
> 
> I use:
> 
> mtree -K sha1digest -c -X mtree.exclude -p / > mtree.out
> 
> where mtree.exclude is:
> 
> ./home
> ./mnt
> ./proc
> ./tmp
> ./var/account
> ./var/backups
> ./var/db
> ./var/imap
> ./var/lock
> ./var/log
> ./var/mail
> ./var/run
> ./var/spool
> ./var/tmp
> 
> Although I am sure there is a better way to do it with mtree, to
> see if something has changed, I repeat the process and diff the
> output.

That would be 
 mtree < mtree.out
to have mtree do it itself.
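The two commands from this thread, wrapped so that the verify step can be scripted on mtree's exit status. This is an added example, not part of either poster's message: the function names and the SPEC, EXCLUDE and ROOT defaults are assumptions, and the 0/1/2 exit codes are the ones documented in FreeBSD's mtree(8).

```shell
#!/bin/sh
# Added example: baseline/verify wrapper around the mtree commands in the thread.
# Assumed names (not from the thread): ROOT, SPEC, EXCLUDE, make_baseline, check_tree.
ROOT=${ROOT:-/}
SPEC=${SPEC:-./mtree.out}          # keep the real spec on read-only or off-host media
EXCLUDE=${EXCLUDE:-./mtree.exclude}

# Record the baseline with the command quoted in the thread.
# Writes to a temp file first so a failed run never leaves a truncated spec.
make_baseline() {
    tmp="$SPEC.tmp.$$"
    if mtree -K sha1digest -c -X "$EXCLUDE" -p "$ROOT" > "$tmp"; then
        mv "$tmp" "$SPEC"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Let mtree compare the tree against the spec itself.
# mtree(8) exit codes: 0 = matches, 2 = hierarchy differs, 1 = error.
# Returns 0 (unchanged), 2 (changed) or 1 (could not check).
check_tree() {
    if [ ! -r "$SPEC" ]; then
        echo "ERROR: cannot read spec $SPEC" >&2
        return 1
    fi
    # "&& rc=0 || rc=$?" keeps the status without tripping "set -e" in callers.
    report=$(mtree -f "$SPEC" -X "$EXCLUDE" -p "$ROOT" 2>&1) && rc=0 || rc=$?
    case $rc in
        0) echo "OK: $ROOT matches $SPEC" ;;
        2) echo "CHANGED: $ROOT differs from $SPEC"
           printf '%s\n' "$report" ;;
        *) echo "ERROR: mtree exited with status $rc"
           printf '%s\n' "$report"
           rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: "sh script.sh init" once, then "sh script.sh check" from cron.
case "${1:-}" in
    init)  make_baseline ;;
    check) check_tree ;;
esac
```

An unreadable spec is reported as an error rather than as "unchanged", so a deleted baseline cannot pass for a clean check.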

