Subject: Re: Chapter 8 security
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Jan Schaumann <firstname.lastname@example.org>
Date: 04/18/2004 22:19:44
Content-Type: text/plain; charset=us-ascii
Luke Mewburn <lukem@NetBSD.org> wrote:
> On Sun, Apr 18, 2004 at 02:54:34PM -0400, Greg A. Woods wrote:
> | The /etc/security support of /var/backups should even be sufficient f=
> | the purposes of auditing "all system changes", and even the granulari=
> | can be adjusted as necessary; though perhaps a well planned and deplo=
> | tripwire install (or similar scheme, e.g. with mtree) would be even
> | better.....
> NetBSD 2.0 has /etc/mtree/set.*, which contains the mtree information
> including permissions and SHA1 hashes for all the files in the given set.
Uuuh, it does? Neat! I was not aware. We should publish the hashes
for each future release so that people can easily verify the integrity
of their binaries.
If you are undertaking anything substantial, C is the only reasonable choice
of programming language.
-- UNIX User's Supplementary Documents
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----