[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Eternal 'good file hashes' list





On Tue, 20 Oct 2009, Ralf Ertzinger wrote:

Hi.

On Tue, 20 Oct 2009 19:37:39 +0200, nodata wrote

It sounds like a solution looking for a problem to me.

Well, the problem is being able to determine whether the files on
your system have been compromised, which seems like a sensible idea
to me.

Here's a better idea:

* Host the config files for each package online, retrievable by rpm
name and version of the package. This would allow diffs between what
is on the server and what was in the package.

Or even better: keep the (compressed) config files in the RPM database.
They're usually small and text, so the disk space used would not be
all that great.

Yes, I've wished for that in the past, too.


so I have an idea here - and you're welcome to ignore it - you could implement a good bit of this system as a yum plugin.

Record original copies of the config files and tuck them away - heck you could save off a copy of the pkg hdrs if you wanted to.

-sv


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]