Re: tripwire and device numbers



"Poul-Henning Kamp" <phk@xxxxxxxxxxxxxx> writes:
Mike Tancsa <mike@xxxxxxxxxx> writes:
While getting a box ready for deployment, I noticed on two
occasions, I would get some exception reports flagging all files as
the underlying device number through reboots had changed. Is this
"normal" for Tripwire and FreeBSD ? (RELENG_7)
Yes, device numbers in freebsd carry no meaning, unless it is a compat
/dev directory to boot ancient systems (SunOS, very old FreeBSD etc)
diskless.

In general, tripwire should ignore devfs and possibly all pseudo-fs
mount-points.

Nothing to do with devfs; IIUC, tripwire is complaining about st.st_dev
on regular files and directories.

DES
--
Dag-Erling Smørgrav - des@xxxxxx
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: tripwire and device numbers
    ... underlying device number through reboots had changed. ... Yes, device numbers in freebsd carry no meaning, unless it is ... tripwire should ignore devfs and possibly all pseudo-fs ...
    (FreeBSD-Security)
  • Re: tripwire and device numbers
    ... underlying device number through reboots had changed. ... "normal" for Tripwire and FreeBSD? ... FreeBSD does not have fixed device numbers, ...
    (FreeBSD-Security)
  • Re: 5.X Tripwire Policy File
    ... An unofficial freebsd ... > tuning my tripwire policy file. ... > # provided the copyright notice and this permission notice are preserved on all ...
    (FreeBSD-Security)
  • Re: tripwire
    ... Tripwire has released the source on sourceforge. ... >> FreeBSD using native FreeBSD binaries. ... The policy file shipped with the source ... >> generic policy file similar to the generic nature of the tripwire-131 ...
    (FreeBSD-Security)
  • 5.X Tripwire Policy File
    ... tuning my tripwire policy file. ... may be missing a critical element of 5.X in my policy file. ... Your FreeBSD ... rulename = "Tripwire Data Files", ...
    (FreeBSD-Security)