[nycbug-talk] mtree
Andy Kosela
akosela at andykosela.com
Wed Mar 4 07:39:34 EST 2009
"N. J. Thomas" <thomas at zaph.org> wrote:
> * Andy Kosela <akosela at andykosela.com> [2009-03-03 23:48:10+0000]:
> > > and also you can use something like tripwire to check your upload
> > > dirs/web application source/etc, but tripwire gets pretty tedious
> > > cause someone has to parse the input..
> >
> > Tripwire has become a bloated beast nowadays. I'm using mtree(8) for
> > checking file integrity and it is a very good tool for such a job.
>
> Interesting, I use aide. It is a little old (the last release was in
> 2006, and IIRC it was dormant for a while before that), but it does the
> trick.
>
> If you're familiar with aide, how would you compare it with mtree?

Aide is a good alternative to tripwire if you happen to have a mixed
environment consisting of several UNIX flavors. It is the default
integrity scanner for RHEL, but can run as well on FreeBSD, HP-UX,
Solaris, AIX, you name it.

I use mtree(8) because:

  * At the moment I'm using it for the hosts in the public DMZ (and I
    have FreeBSD machines there only).

  * It is much simpler and more straightforward than aide. I usually
    use the simplest program to do the job, and mtree(8) is
    already in the base system, and seems reasonably fast.

Also, I recommend you read 'man 7 security', the section about 'Checking
File Integrity', for some nice techniques to implement in this scenario.

--Andy