Re: mtree vs tripwire
From: Dorin H (bj93542_at_yahoo.com)
Date: 01/14/04
- Previous message: D J Hawkey Jr: "Re: mtree vs tripwire"
- In reply to: D J Hawkey Jr: "mtree vs tripwire"
- Next in thread: Garrett Wollman: "mtree vs tripwire"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jan 2004 11:17:22 -0800 (PST)
To: hawkeyd@visi.com
--- D J Hawkey Jr <hawkeyd@visi.com> wrote:
> Hi all.
>
> This might seem really naive, but can mtree be used effectively as
> a native-to-core-OS tripwire equivalent? Would it be as efficient in
> terms of time-to-run and resource requirements?
>
Theoretically, and practically for small configurations,
yes.
> What sort of pitfalls should I be aware of?
>
IMHO, you can use any tool you want to compute some
"signature" for files you deem relevant. But you have
to carefully consider the scalability problem, the
problem of false/negatives (how you/your program deal
with a modified file? bin/config/data/tmp file) and so
on. Tripwire (correct me if I am wrong, but last time
I looked it was still to be updated in FreeBSD, focus
was on "aide") is a targeted tool that helps with the
information management... probably bloated :). Like
any tool, it is up to you to decide what's useful or
not ;)
HTH,
/Dorin.
> Has anyone here done this? If so, would you care to share your
> scripts/techniques?
>
> Thanks,
> Dave
>
> --
> D. J. HAWKEY JR.
> hawkeyd@visi.com
> http://www.visi.com/~hawkeyd/
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
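An added example, not part of the original thread and not mtree itself: a Python sketch of the signature-and-compare idea discussed above, with the bin/config/data/tmp distinction from the reply expressed as a triage policy. The `POLICY` prefixes, the action names and the sample tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed policy (not from the thread): first matching prefix decides the action.
POLICY = [("tmp/", "ignore"), ("data/", "ignore"), ("etc/", "review"), ("bin/", "alert")]

def snapshot(root):
    """Map each regular file's relative path to (sha256 hex digest, mode bits)."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # directories, symlinks and special files are out of scope
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        rel = path.relative_to(root).as_posix()
        snap[rel] = (digest, path.stat().st_mode & 0o7777)
    return snap

def classify(rel):
    for prefix, action in POLICY:
        if rel.startswith(prefix):
            return action
    return "review"  # unclassified paths are never silently ignored

def compare(baseline, current):
    """Return {action: [(path, change), ...]} for every difference found."""
    report = {"alert": [], "review": [], "ignore": []}
    for rel in sorted(set(baseline) | set(current)):
        if baseline.get(rel) == current.get(rel):
            continue
        change = ("added" if rel not in baseline else
                  "removed" if rel not in current else "modified")
        report[classify(rel)].append((rel, change))
    return report

def demo():
    """Constructed sample tree: take a baseline, change four files, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("bin/ls", "bin/cat", "etc/rc.conf", "tmp/scratch"):
            (root / rel).parent.mkdir(exist_ok=True)
            (root / rel).write_bytes(b"original")
        baseline = snapshot(root)
        (root / "bin/ls").chmod(0o755)  # mode-only change, content untouched
        (root / "etc/rc.conf").write_bytes(b"edited")
        (root / "tmp/scratch").write_bytes(b"churn")
        (root / "bin/cat").unlink()
        return compare(baseline, snapshot(root))
```

The baseline is only as trustworthy as where it is stored; keeping it on the monitored host lets whoever changes a file also change its recorded signature.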