[nycbug-talk] mtree

Andy Kosela akosela at andykosela.com
Wed Mar 4 07:39:34 EST 2009


"N. J. Thomas" <thomas at zaph.org> wrote:

> * Andy Kosela <akosela at andykosela.com> [2009-03-03 23:48:10+0000]:
> > > and also you can use something like tripwire to check your upload
> > > dirs/web application source/etc, but tripwire gets pretty tedious
> > > cause someone has to parse the input..
> > 
> > Tripwire has become a bloated beast nowadays.  I'm using mtree(8) for
> > checking file integrity and it is a very good tool for such a job.
>
> Interesting, I use aide. It is a little old (the last release was in
> 2006, and IIRC it was dormant for a while before that), but it does the
> trick.
>
> If you're familiar with aide, how would you compare it with mtree?

Aide is a good alternative to tripwire if you happen to have a mixed
environment consisting of several UNIX flavors.  It is the default
integrity scanner for RHEL, but can run as well on FreeBSD, HP-UX, 
Solaris, AIX, you name it.

I use mtree(8) because:
	* At the moment I'm using it for the hosts in public DMZ (and I
	  have FreeBSD machines there only).
	* It is much simpler and more straightforward than aide.  I usually
	  use the simplest program that does the job, and mtree(8) is
	  already in the base system, and seems reasonably fast.

Also, I recommend you read 'man 7 security', the section about 'Checking
File Integrity', for some nice techniques to implement in this scenario.

--Andy
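The baseline-and-compare routine this post describes, as an added example that is not part of the original message: it assumes a FreeBSD/NetBSD-style mtree(8) that understands the sha256digest keyword and the -c, -k, -f and -p options, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): an mtree(8) integrity
# baseline and check, in the spirit of the 'Checking File Integrity'
# section of security(7). Assumes a FreeBSD/NetBSD-style mtree(8).
#
# Keyword set: 'type' is implied by -k. 'size' alone misses a same-length
# edit, so sha256digest is what actually catches a modified binary or
# script. 'time' and 'nlink' are left out on purpose: they change in
# normal operation and only produce noisy mismatches.
MTREE_KEYWORDS="uid,gid,mode,size,link,sha256digest"

# mtree_spec_create DIR SPEC: record a baseline of DIR into SPEC.
# Keep SPEC where the monitored host cannot rewrite it (read-only media
# or another machine); a baseline an intruder can regenerate is worthless.
mtree_spec_create() {
    dir=$1; spec=$2
    mtree -c -p "$dir" -k "$MTREE_KEYWORDS" > "$spec"
}

# mtree_spec_verify DIR SPEC: compare DIR against SPEC. mtree prints each
# changed, missing or extra entry and exits 2 on any mismatch, 1 on an
# error and 0 when everything still matches; that status is passed on,
# so a cron job can mail the output only when the check fails.
mtree_spec_verify() {
    dir=$1; spec=$2
    mtree -p "$dir" -f "$spec"
}
```

Run mtree_spec_create once on a known-good host and mtree_spec_verify from cron; a clean run prints nothing and returns 0.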


