Date: 15 Jan 2004 08:38:55 -0500 From: Lowell Gilbert <freebsd-security-local@be-well.ilk.org> To: Gregory Neil Shapiro <gshapiro@freebsd.org> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: mtree vs tripwire Message-ID: <44oet5mivk.fsf@be-well.ilk.org> Resent-Message-ID: <20040116152927.696F73A@be-well.no-ip.com> In-Reply-To: <20040114182755.GX50342@horsey.gshapiro.net> References: <20040114134215.GA21307@sheol.localdomain> <20040114180931.GA17074@miracle.mongers.org> <20040114182154.GA22444@sheol.localdomain> <20040114182755.GX50342@horsey.gshapiro.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Gregory Neil Shapiro <gshapiro@freebsd.org> writes: > > Is your reply from personal experience, or is it the same "Hey, it > > could..." as is my question? If the former, would you elaborate on the > > implementation details? > > I use: > > mtree -K sha1digest -c -X mtree.exclude -p / > mtree.out > > where mtree.exclude is: > > ./home > ./mnt > ./proc > ./tmp > ./var/account > ./var/backups > ./var/db > ./var/imap > ./var/lock > ./var/log > ./var/mail > ./var/run > ./var/spool > ./var/tmp > > Although I am sure there is a better way to do it with mtree, to > see if something has changed, I repeat the process and diff the > output. That would be mtree < mtree.out to have mtree do it itself.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44oet5mivk.fsf>