Re: mtree vs tripwire

From: Dorin H (bj93542_at_yahoo.com)
Date: 01/14/04

    Date: Wed, 14 Jan 2004 11:17:22 -0800 (PST)
    To: hawkeyd@visi.com
    
    

    --- D J Hawkey Jr <hawkeyd@visi.com> wrote:
    > Hi all.
    >
    > This might seem really naive, but can mtree be used effectively as
    > a native-to-core-OS tripwire equivalent? Would it be as efficient in
    > terms of time-to-run and resource requirements?
    >
    Theoretically, and practically for small configurations,
    yes.

    > What sort of pitfalls should I be aware of?
    >

    IMHO, you can use any tool you want to compute some
    "signature" for files you deem relevant. But you have
    to carefully consider the scalability problem, the
    problem of false/negatives (how do you/your program deal
    with a modified file? bin/config/data/tmp file) and so
    on. Tripwire (correct me if I am wrong, but last time
    I looked it was still to be updated in FreeBSD, focus
    was on "aide") is a targeted tool that helps with the
    information management... probably bloated :). Like
    any tool, it is up to you to decide what's useful or
    not ;)
    HTH,
    /Dorin.

    > Has anyone here done this? If so, would you care to share your
    > scripts/techniques?
    >
    > Thanks,
    > Dave
    >
    > --
    > D. J. HAWKEY JR.
    > hawkeyd@visi.com
    > http://www.visi.com/~hawkeyd/
    >

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
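
The two concerns in the reply above (computing a "signature" for the files you care about, and deciding what a change means for a bin, config, data or tmp file) can be sketched as a baseline-and-compare check. This is an added example, not code from the thread and not how mtree or Tripwire are implemented; the per-class policy, `classify_by_top_dir` and every function name are assumptions made for illustration.

```python
import hashlib, os, stat

# Assumed policy: which attributes are compared for each class of file.
# The class names come from the reply; the rules themselves are illustrative.
POLICY = {
    "bin":    ("sha256", "mode", "uid"),   # any change is reported
    "config": ("sha256", "mode", "uid"),
    "data":   ("mode", "uid"),             # content is expected to change
    "tmp":    (),                          # not tracked at all
}

def fingerprint(path):
    """Return the attributes recorded for one file (hash only for regular files)."""
    st = os.lstat(path)
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            rec["sha256"] = hashlib.sha256(fh.read()).hexdigest()
    return rec

def snapshot(root, classify):
    """Walk root and fingerprint every file whose class is tracked."""
    spec = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if POLICY[classify(rel)]:
                spec[rel] = fingerprint(path)
    return spec

def compare(baseline, current, classify):
    """Return sorted (path, finding) pairs, filtered by each file's class."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings.append((rel, "added"))
        elif new is None:
            findings.append((rel, "missing"))
        else:
            for key in POLICY[classify(rel)]:
                if old.get(key) != new.get(key):
                    findings.append((rel, key + " changed"))
    return findings

def classify_by_top_dir(rel):
    """Constructed rule: the first path component names the class."""
    top = rel.split(os.sep)[0]
    return top if top in POLICY else "config"
```

The baseline returned by `snapshot` is only trustworthy if it is stored where the monitored host cannot rewrite it, for example on read-only media or another machine.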

