Solene Rapenne wrote:

> On 2017-06-14 01:47, G wrote:
> > Well as far as /var goes I decided to take a closer look because I am
> > thinking of running aide for system integrity check. So this is my
> > rsnapshot.conf
> >
>
> Recently I've been investigating software for integrity check, you have
> choice :
>
> - sysutils/bitrot
> - a daily mtree as it's done for /etc ; see security(8)
> - archivers/par2cmdline (which can also repair files)
> - sysutils/aide
>
> I wouldn't really recommend AIDE. bitrot is a lot easier to use.
>
> I wrote an article about data integrity software :
>
> http : https://dataswamp.org/~solene/article-integrity.html

Thank you so much for bringing this important topic back to the attention of the list subscribers and for writing that wonderful article.

Note that OpenBSD keeps the last two versions of all important system files from /etc and /var in /var/backups (one more reason for backing up /var).

The greatest benefit of porting an advanced file system like HAMMER 2 (if Matt ever finishes his work) is in the data integrity area (assuming that HAMMER 2 will support copy-on-write, check-sums, and consistency checks like HAMMER 1). Self-healing, which unlike on ZFS is not automatically done on HAMMER 1, would be nice to have as well.

Speaking as somebody who spends too much time for my own good working with big data guys, I see another security benefit of "data integrity" checks. Namely, good data integrity/anomaly detection could go a long way as host-based intrusion detection monitoring/protection. No other OS is so perfectly positioned as OpenBSD to take advantage of those advanced file system features, having already things like pledge, W^X, and possibly soon KARL running by default.

https://marc.info/?l=openbsd-tech&m=149732026405941&w=2

Best,
Predrag