verify FreeBSD installation
Robert Ayrapetyan
robert.ayrapetyan at gmail.com
Thu Feb 25 05:38:49 UTC 2016
Thanks everyone!
On 02/24/16 09:04, Roger Marquis wrote:
>> Hi. Is there any reliable way to verify checksums of all local files
>> for some FreeBSD installation? E.g. I'm using a hoster which provides
>> pre-deployed FreeBSD instances, how can I be sure there are no any
>> patches\changes in a kernel\services etc?
>
> At the filesystem-level there's security/integrit which we use with a
> wrapper script for readable reports. Integrit replaced tripwire when
> that company moved away from FOSS.
>
> From the configuration-level there's 'pkg info', 'sysrc -a', 'ipfw sh',
> ... and of course the parsed output from /var/log/* to add real-time
> monitoring.
>
> I also recommend supplementing these tools with revision tracking for
> anything host-specific and non-binary such as /etc/periodic/*/* and
> /etc/rc.*. RCS works well for this on the localhost-level. On a large
> scale ansible is my tool of choice for pulling this information from any
> number of hosts into hg or git from which deltas and other reports can be
> easily generated.
>
> If you manage a large number of hosts and are interested in helping to
> pull all of these tools into a pkg/port let me know.
>
> Roger
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list