Thanks everyone!

On 02/24/16 09:04, Roger Marquis wrote:
>> Hi. Is there any reliable way to verify checksums of all local files
>> for some FreeBSD installation? E.g. I'm using a hoster which provides
>> pre-deployed FreeBSD instances, how can I be sure there are no
>> patches\changes in a kernel\services etc?
>
> At the filesystem-level there's security/integrit which we use with a
> wrapper script for readable reports. Integrit replaced tripwire when
> that company moved away from FOSS.
>
> From the configuration-level there's 'pkg info', 'sysrc -a', 'ipfw sh',
> ... and of course the parsed output from /var/log/* to add real-time
> monitoring.
>
> I also recommend supplementing these tools with revision tracking for
> anything host-specific and non-binary such as /etc/periodic/*/* and
> /etc/rc.*. RCS works well for this on the localhost-level. On a large
> scale ansible is my tool of choice for pulling this information from any
> number of hosts into hg or git from which deltas and other reports can be
> easily generated.
>
> If you manage a large number of hosts and are interested in helping to
> pull all of these tools into a pkg/port let me know.
>
> Roger
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
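
Added example, not part of the thread and not integrit's code: a small sh sketch of the baseline-then-compare check that filesystem-level integrity tools automate, limited here to SHA-256 content hashes (no modes or ownership). The function names are made up for illustration; it assumes sha256sum or FreeBSD's sha256 is on PATH, and that the baseline manifest is stored where the checked host cannot modify it.

```shell
#!/bin/sh
# Illustrative sketch: hash every regular file under a root, then diff two manifests.

# Print only the hex SHA-256 digest of one file.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"          # FreeBSD base system tool
    fi
}

# Write "digest  ./relative/path" for each regular file under $1, sorted by path.
# File names containing newlines are not handled.
make_manifest() {
    (cd "$1" && find . -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do
            printf '%s  %s\n' "$(hash_file "$f")" "$f"
        done)
}

# Compare baseline manifest $1 with current manifest $2.
# Prints ADDED / CHANGED / REMOVED lines; prints nothing when they match.
compare_manifests() {
    awk '
        { h = $1; p = substr($0, length($1) + 3) }   # path may contain spaces
        FILENAME == ARGV[1] { base[p] = h; next }
        {
            seen[p] = 1
            if (!(p in base))      print "ADDED   " p
            else if (base[p] != h) print "CHANGED " p
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Usage: script baseline ROOT MANIFEST   or   script verify ROOT MANIFEST
case "${1:-}" in
    baseline) make_manifest "$2" > "$3" ;;
    verify)   now=$(mktemp)
              make_manifest "$2" > "$now"
              compare_manifests "$3" "$now"
              rm -f "$now" ;;
esac
```

A baseline taken on an instance the hoster already deployed only detects later changes; it says nothing about whether the image was clean to begin with.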