Subject: Musings on mtree(8) and syspkg
To: None <current-users@netbsd.org, tech-pkg@netbsd.org>
From: George Coulouris <george@coulouris.org>
List: tech-pkg
Date: 03/31/2002 20:07:24
1. Is there a way to have mtree compare two previously-stored
specifications, as opposed to comparing a stored spec against the current
file hierarchy? I'm thinking of adding an mtree job to /etc/weekly and
keeping a few weeks worth of output for auditing purposes.

Currently, the only way I can do this is to do:

mtree -c -x -K md5 -p /foo >foo.mtree.0

.. week passes ..

mtree -f foo.mtree.0 -K md5 -p /foo >foo.mtree.comparison.0
mtree -c -x -K md5 -p /foo >foo.mtree.1

.. and so on.

The problem with this method is that it requires two passes of mtree; one to
produce the comparison, and one to generate the new spec. I'm doing md5's to
keep an eye out for silent corruption/failing media/etc. Ideally, I'd like
to flag files whose md5 has changed but other metadata (size, mod time) have
not.

2. How about enabling md5 support in syspkg (or in pkgsrc as a whole) by
default? This would make tripwire-like auditing of system integrity very
easy.

Comments?

-- 
George Coulouris -- firstname at lastname dot org