Re: Recommendations for filesystem integrity checkers?

From: D J Hawkey Jr (hawkeyd@visi.com)
Date: 07/12/02


Date: Fri, 12 Jul 2002 09:55:41 -0500 (CDT)
From: hawkeyd@visi.com (D J Hawkey Jr)
To: freebsd-security@freebsd.org

In article <3D2EC5A9.2070305_rambo.simx.org@ns.sol.net>,
        listsub@rambo.simx.org writes:
> Lupe Christoph wrote:
>> Hi!
>>
>> Which filesystem integrity checkers do people use? I've found ports
>> for aide, cksfv, integrit, l5, three versions of tripwire and yafic.
>> (Feel free to point me to the ones I overlooked.) I did not find
>> ports for fcheck and samhain (found on Debian).
>>
>> Since I don't have the time to assess them all, I would like to
>> tap the collective experience of the FreeBSD security people.
>>
>> So which do you use, and why?
>>
>> Thanks for your time,
>> Lupe Christoph
>
> Personally, I use aide. Its lightweight, easy to configure and
> automate via scripts and it does exactly I want it to do.

Doesn't mtree(8) fulfill the task? I have yet to try it. The nice
thing - if it suits - is that it's part of the base OS.

I've had good results with Tripwire, but setting the attributes for
"dynamic" directories (/var/log in particular) took a little head-
scratching.
http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
was a great aid.

> R

Dave

-- 
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages