[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Checksumming layer


On Fri, Jan 11, 2008 at 01:55:46PM -0600, tweeks wrote:
> On Friday 11 January 2008 06:44, Jeremy Sanders wrote:
> > Jordi Prats wrote:
> > > You could use tripwire to check periodically all files instead of relay
> > > on the file system for that task. (I think no file system does this
> > > checking by now)
> >
> > That's a possible idea.
> >
> > I would have thought it would be relatively simple to write a block device
> > which acted a layer between the file system and real block device. I
> > suppose the difficultly is getting all the corner cases correct. I've never
> > written any kernel code, so maybe I should investigate doing that for
> > fun...
> All files in the system are already hashed.  You can see this by doing 
> an "rpm -Va".  For example.. to create a baseline of a system to compare 
> against, just cron a script to:
> 	rpm -Va > /root/RPMV/system-rpm-baseline.txt
> then once/day or whatever, do a diff... or just grep for any "bin" directory 
> changes and diff that.  I like this better than messing with tripwire.  It's 
> already there, native, and easy to use.

This is specific to:

* RPM-based systems
* files provided by RPMs

Consequently, it's only useful on certain systems, and, even then, only with
certain files.  That's not very good coverage, is it?

This is especially true when you consider that the files that came from the
package manager are usually the ones that you don't care about as much when
you've lost data.

Forest Bond

Attachment: signature.asc
Description: Digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]