From owner-freebsd-security  Tue Feb 13 07:32:28 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA17565
          for security-outgoing; Tue, 13 Feb 1996 07:32:28 -0800 (PST)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA17558
          for <freebsd-security@FreeBSD.ORG>; Tue, 13 Feb 1996 07:32:23 -0800 (PST)
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM)
	id AA30430; Tue, 13 Feb 1996 10:32:06 -0500
Date: Tue, 13 Feb 1996 10:32:06 -0500
From: "Garrett A. Wollman" <wollman@lcs.mit.edu>
Message-Id: <9602131532.AA30430@halloran-eldar.lcs.mit.edu>
To: Mark Murray <mark@grondar.za>
Cc: Jim Dennis <jimd@mistery.mcafee.com>, freebsd-security@FreeBSD.ORG
Subject: Re: tripwire, xinetd (or tcp wrappers) 
In-Reply-To: <199602130627.IAA03049@grumble.grondar.za>
References: <199602130627.IAA03049@grumble.grondar.za>
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

<<On Tue, 13 Feb 1996 08:27:55 +0200, Mark Murray <mark@grondar.za> said:

> You amy want to have a look at COPS, also from CERT. FreeBSD already
> does a lot of what COPS does (scan for SUID file changes etc), but
> it will give you some ideas.

Indeed, FreeBSD already gives you the ability to scan your entire
installation for files which have changed from some pre-defined
profile; see mtree(8).  At one point in time, I created code for `make
release' which would automatically generate the appropriate mtree
files for each distribution.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant