I'd like to use "freebsd-update IDS" as a simple intrusion check. I have
a separate mechanism to test that
freebsd-update itself hasn't been modified.
However I get lots of lines like this:
/usr/share/man/man4/if_ixgbe.4.gz has SHA256 hash
859cc19faf7a511755409aa143b24ccb2c998bbc99a5972d1d7aa70f37611a65, but
should have SHA256 hash
5652698ae3834e8cfbb2d0e5a95fe7984a6656f0a6c792e88ea8f2c75873555e.
Two questions:
1. What causes these mismatches? Does IDS not take into account minor
updates or something else?
2. Is there a simple way to fix this that doesn't involve a system
reinstall? Just unzip the FreeBSD tz files and copy over the relevant
bits? Could that be added as a feature to the IDS command?
Ari
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
