Working on a security program
Jeremy C. Reed
reed at reedmedia.net
Tue Mar 30 10:08:50 PDT 2010
On Tue, 30 Mar 2010, Walter wrote:
> And I'm thinking it'd be good to check if any of the system
> programs are changed - check the date-time stamp and size.
> These sorts of things can be done on a low rate periodic
> interval.
See mtree. It can be used to periodically check if files changed. It can
create a specification which lists the files and attributes and then
later you can use mtree to compare the actual files with that previous
specification.
Also run "pkg_admin check" (with -q if you want) for checking package
provided files.
More information about the Users
mailing list