Subject: Musings on mtree(8) and syspkg
To: None <current-users@netbsd.org, tech-pkg@netbsd.org>
From: George Coulouris <george@coulouris.org>
List: current-users
Date: 03/31/2002 20:07:24
1. Is there a way to have mtree compare two previously-stored
specifications, as opposed to comparing a stored spec against the current
file hierarchy? I'm thinking of adding an mtree job to /etc/weekly and
keeping a few weeks worth of output for auditing purposes.
Currently, the only way I can do this is to do:
mtree -c -x -K md5 -p /foo >foo.mtree.0
.. week passes ..
mtree -f foo.mtree.0 -K md5 -p /foo >foo.mtree.comparison.0
mtree -c -x -K md5 -p /foo >foo.mtree.1
.. and so on.
The problem with this method is that it requires two passes of mtree; one to
produce the comparison, and one to generate the new spec. I'm doing md5's to
keep an eye out for silent corruption/failing media/etc. Ideally, I'd like
to flag files whose md5 has changed but other metadata (size, mod time) have
not.
2. How about enabling md5 support in syspkg (or in pkgsrc as a whole) by
default? This would make tripwire-like auditing of system integrity very
easy.
Comments?
--
George Coulouris -- firstname at lastname dot org