mtree vs tripwire
Gregory Neil Shapiro
gshapiro at freebsd.org
Wed Jan 14 10:27:57 PST 2004
> Is your reply from personal experience, or is it the same "Hey, it
> could..." as is my question? If the former, would you elaborate on the
> implementation details?
I use:
mtree -K sha1digest -c -X mtree.exclude -p / > mtree.out
where mtree.exclude is:
./home
./mnt
./proc
./tmp
./var/account
./var/backups
./var/db
./var/imap
./var/lock
./var/log
./var/mail
./var/run
./var/spool
./var/tmp
Although I am sure there is a better way to do it with mtree, to
see if something has changed, I repeat the process and diff the
output.
More information about the freebsd-security
mailing list