Date: Mon, 1 Mar 2021 09:51:32 -0700 From: Gary Aitken <freebsd@dreamchaser.org> To: "Steve O'Hara-Smith" <steve@sohara.org>, freebsd-questions@freebsd.org Subject: Re: installed ports library audit? Message-ID: <4a1160b1-a6a2-6bc1-cb37-476d89ef1ff3@dreamchaser.org> In-Reply-To: <20210301160552.454db2bec5975457026c57ba@sohara.org> References: <a99e82cc-da39-70e8-f3b1-7b250250876a@dreamchaser.org> <97db8511-c5e0-26cc-5e56-4dfa976d7d12@FreeBSD.org> <0935eab6-d458-2c3e-3f8a-a6879fe27363@FreeBSD.org> <efddda4a-d2a6-a1ab-9b7f-0a03b8cba1e8@dreamchaser.org> <20210301160552.454db2bec5975457026c57ba@sohara.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/1/21 9:05 AM, Steve O'Hara-Smith wrote: > On Mon, 1 Mar 2021 08:54:53 -0700 > Gary Aitken <freebsd@dreamchaser.org> wrote: > >> Is there a similar check for the base system install? I see security >> audits but those are event related. > > freebsd-update IDS - note caveats in man page. Thanks. The results are mostly tweaked files in /etc, which is not in /usr, which was the problem filesystem, so I should be ok there. I'm puzzled by a symlink complaint, though: /usr/src/contrib/tcpdump/README is a symlink, should be a regular file It's a symlink to README.md, which seems reasonable and deliberate. For future disasters... If I needed to, is there a master easy to get at that I can diff against to see what the changes to things like /etc/passwd are? I could regenerate the .db files if I knew the source was ok, but to check that I would need to be able to diff. Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4a1160b1-a6a2-6bc1-cb37-476d89ef1ff3>