Re: Recommendations for filesystem integrity checkers?

From: D J Hawkey Jr (
Date: 07/12/02

Date: Fri, 12 Jul 2002 09:55:41 -0500 (CDT)
From: (D J Hawkey Jr)

In article <>, writes:
> Lupe Christoph wrote:
>> Hi!
>> Which filesystem integrity checkers do people use? I've found ports
>> for aide, cksfv, integrit, l5, three versions of tripwire and yafic.
>> (Feel free to point me to the ones I overlooked.) I did not find
>> ports for fcheck and samhain (found on Debian).
>> Since I don't have the time to assess them all, I would like to
>> tap the collective experience of the FreeBSD security people.
>> So which do you use, and why?
>> Thanks for your time,
>> Lupe Christoph
> Personally, I use aide. Its lightweight, easy to configure and
> automate via scripts and it does exactly I want it to do.

Doesn't mtree(8) fulfill the task? I have yet to try it. The nice
thing - if it suits - is that it's part of the base OS.

I've had good results with Tripwire, but setting the attributes for
"dynamic" directories (/var/log in particular) took a little head-
was a great aid.

> R


Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message