I'd also suggest you take a look at using mtree for tripwire-like functionality into the future - its primary purpose is to be able to take the specification for a directory tree and either report differences or make the filesystem conform to the specification.
not sure whether it is used in the base FreeBSD system but it's definitely part of NetBSD where it is used to confirm the permissions and other metadata information for files from each of the release tarballs and (iirc) runs once a week as part of normal system cron mtree can also be turned on a directory tree to capture a specification that matches it ... it is better than find in this instance for comparing the state of a filesystem over time as it can be set to calculate file digests by a variety of algorithms and produce output that can be parsed and compared against later (which can be difficult with the -ls output from find) I also found a copy of it to run on Solaris to confirm that changes we were making to our source only had the desired impacts to large application data sets as part of our upgrade process plus until I mentioned it here, it might have been obscure enough for it not to be trojanned by a rootkit ... :) Hope that helps, Malcolm -- Malcolm Herbert m...@mjch.net _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
