Inmutable bit in some binaries
Peter Jeremy
peterjeremy at acm.org
Sun Feb 7 21:56:29 UTC 2010
On 2010-Feb-06 12:11:08 +0100, Pascal Stumpf <Pascal.Stumpf at cubes.de> wrote:
>just another idea: You may want to take a look at integrity checking systems
>as an alternative, i.e. tripwire.
Note that mtree(8) supports the integrity checking functionality of
tripwire and is in the base system. (It doesn't have all the bells
and whistles of tripwire and so isn't suitable for all cases).
If you do go for an integrity checking system, remember to ensure
that everything that your integrity checking system relies on (ie
executable, database, shared libraries) is immutable - as well as
the shell/cron that runs it and however the results are reported.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20100207/7c262b98/attachment.pgp
More information about the freebsd-stable
mailing list