Hello, an idea popped into my mind while talking about security and intrusion detection.
Host based ID may use Checksumming for file change tracking. It works like this: Once installed and knowning the software is "OK", a baseline is created. Then in every check - verify the current status of the data with the baseline and report changes. An example for this is AIDE. The difficult part is the checksumming - this takes time. My idea would be to use ZFS snapshots for this. baseline creation = create snapshot baseline verification = verify the checksums of the objects and report objects diffent This could work for non-zvol environments. Is it possible to extract the checksums of ZFS objects with a command line tool ? Regards, Robert -- This message posted from opensolaris.org _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
