[nycbug-talk] Searching for suspect PHP files...

Matt Juszczak matt at atopia.net
Mon Mar 9 13:10:58 EDT 2009

> The only document you need is 'man mtree'.  There is no default mtree
> specification file generated with at least sha256digest, and that's what
> you need.  You also need to make sure to exclude (-X filename) any
> directories with dynamically generated files.  For the overall security
> of the site installing some type of WAF could help, like mod-security2.
> # mtree -c -K sha256digest -X mtree.exclude -p /path > host.mtree
> # mtree -X mtree.exclude -p /path < host.mtree
> That's only two commands you need to know.  Of course you can script it
> to send you alerts via email etc.
> --Andy


Understood, but if I'm trying to compare files that came with the default 
FreeBSD 6.3-RELEASE installation (to protect from rootkits), wouldn't 
running a command on ANY 6.3-RELEASE install that I know to be correct 
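The create-then-verify workflow Andy describes (hash every file under a path, skip directories that change on their own, later diff against the baseline), as an added example that is not part of this thread: a small Python stand-in for `mtree -c -K sha256digest -X ...` and the matching compare, for the reader who wants to see what the two commands do on a host without mtree. Paths, the exclude set and the demo tree are constructed here, not taken from the list.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root, exclude=()):
    """Return {relative_path: sha256hex} for every file under root.

    `exclude` holds relative paths (files or directories) to skip, which is
    the role of mtree's -X file: prune anything dynamically generated so it
    cannot flood the report with expected changes.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # prune excluded directories before os.walk descends into them
        dirnames[:] = [d for d in dirnames if rel_dir.joinpath(d).as_posix() not in exclude]
        for name in filenames:
            rel = rel_dir.joinpath(name).as_posix()
            if rel in exclude:
                continue
            h = hashlib.sha256()
            with open(Path(dirpath) / name, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            manifest[rel] = h.hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Return (added, removed, changed) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, changed


def demo():
    """Constructed demo tree: baseline, then a tamper, then a compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "cache").mkdir()                       # stands in for a dynamic dir
        (root / "bin" / "ls").write_bytes(b"original binary")
        (root / "cache" / "sess").write_bytes(b"session data")
        baseline = build_manifest(root, exclude={"cache"})
        (root / "bin" / "ls").write_bytes(b"modified binary")   # changed file
        (root / "bin" / "extra").write_bytes(b"unexpected")     # new file
        (root / "cache" / "new").write_bytes(b"ignored")        # excluded, not reported
        return compare_manifests(baseline, build_manifest(root, exclude={"cache"}))
```

Run `demo()` to see `(['bin/extra'], [], ['bin/ls'])`; in practice the baseline is written to disk (or better, somewhere the host cannot alter) and only the compare runs on the schedule that sends the alerts.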

