Subject: Re: Adding /usr/local to daily security audit
To: Jeff_W <>
From: Stefan 'Kaishakunin' Schumacher <>
List: netbsd-help
Date: 06/29/2007 10:06:56
Thus spoke Jeff_W (
> "Stefan 'Kaishakunin' Schumacher" <> wrote:
> > Mtree uses the databases (which are plain text files) in /etc/mtree/.
> > If you want to add /usr/local to the list of hierarchies to check, do
> > sth. like:
> >
> > # mtree -L -c -K sha1,rmd160,gid,uid,mode -p /usr/local > \
> > /etc/
> How does the system know it's now supposed to check /usr/local during its
> daily security audit? Don't you need to add/create entries in
> /etc/mtree/special or /etc/mtree/special.local ? That was the impression
> I got from security.conf(5).
The man page is a bit unclear in that section. The script itself
(/etc/security) runs a loop over all files in /etc/mtree/*.secure,
see line 781 (for file in /etc/mtree/*.secure; do). So any database
following the pattern of /etc/mtree/*.secure will be checked.
> > To do a manual check, run:
> > # mtree -L -p /usr/local -f /etc/
> I guess this could be added to /etc/security.local as an alternative
> to cron. Thing is, I really only care about the a few of the files
> under /usr/local - binaries and config files mainly. For instance,
> I've built Pike, the programming language, which has a whole lot of
> modules and libraries under /usr/local/pike/7.6.112/ . I'd rather
> not worry about most of that stuff, just the four Pike executables
> and maybe the core modules. It looks like that's what the "special"
> files are for, no?
/etc/mtree/special is required by the check_changelist option of
I do manual checking of some directories via cron. You can use the
mtree option "-X mtree.exclude" to ignore files/dirs listed in
mtree.exclude. So if you want to ignore /usr/local/pike/7.6.112/,
just add it to mtree.exclude and run
mtree -L -c -K sha1,rmd160,gid,uid,mode -p /usr/local \
-X mtree.exclude > mtree.database
and via cron:
mtree -L -p /usr/local -f mtree.database -X mtree.exclude
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
What have people prayed for since childhood, what have they dreamed of,
what have they tormented themselves over? That someone would tell them once and for all
what happiness is, and chain them to that happiness. And isn't that
exactly what we do? The age-old dream of paradise ...
Jewgenij Iwanowitsch Samjatin, »Wir«
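Added example, not part of the thread above: a minimal Python stand-in for the mtree workflow Stefan describes (baseline with -c -K sha1,uid,gid,mode and -X mtree.exclude, then a later check with -f). It records sha1/uid/gid/mode for tracked files, skips an excluded subtree the way a Pike module directory would be skipped, and reports what changed on re-check. The sample tree, the exclude list and the function names are constructed for illustration, not mtree's own code.

```python
import hashlib
import os
import stat
import tempfile

EXCLUDES = ("pike/7.6.112",)  # constructed stand-in for the mtree.exclude file

def _sha1(path):
    with open(path, "rb") as f:
        return hashlib.sha1(f.read()).hexdigest()

def build_spec(root, excludes=EXCLUDES):
    """Record sha1/uid/gid/mode of regular files under root, skipping excludes (mtree -c -X)."""
    spec = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = "" if dirpath == root else os.path.relpath(dirpath, root)
        # prune excluded subtrees before descending into them
        dirnames[:] = [d for d in dirnames if os.path.join(rel_dir, d) not in excludes]
        for name in filenames:
            rel, full = os.path.join(rel_dir, name), os.path.join(dirpath, name)
            st = os.lstat(full)
            if rel in excludes or not stat.S_ISREG(st.st_mode):
                continue
            spec[rel] = {"sha1": _sha1(full), "uid": st.st_uid,
                         "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode)}
    return spec

def check_spec(root, spec, excludes=EXCLUDES):
    """Compare the live tree against a saved spec (mtree -p root -f db); return findings."""
    current = build_spec(root, excludes)
    findings = []
    for rel in sorted(set(spec) | set(current)):
        if rel not in current:
            findings.append(f"{rel}: missing")
        elif rel not in spec:
            findings.append(f"{rel}: extra")
        else:
            for key in ("sha1", "uid", "gid", "mode"):
                if spec[rel][key] != current[rel][key]:
                    findings.append(f"{rel}: {key} changed")
    return findings

def make_sample_tree():
    """Constructed stand-in for /usr/local: one 'pike' binary plus a bulky module tree."""
    root = tempfile.mkdtemp()
    for rel, data in (("bin/pike", b"#!/bin/sh\necho pike\n"), ("pike/7.6.112/Mod.pmod", b"module\n")):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return root
```

Run build_spec once to create the baseline, save it, and run check_spec from cron against the saved spec; an empty findings list means nothing tracked has changed.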