Subject: Re: mtree cache local
To: Sam Carleton <sam@linux-info.net>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-help
Date: 12/27/2002 17:37:54
On Fri, 27 Dec 2002, Sam Carleton wrote:

> It is my understanding that the correct way to secure mtree is
> to put the files it uses to check the system files against
> onto a read-only media.  Where might mtree keep these cached
> files?  How do I tell it to find the cached files elsewhere?

man security.conf # read about check_mtree and check_changelist

The mtree specification files are hard-coded in /etc/security. Try
modifying the special_files in your /etc/security to point to some mtree
specification on your read-only media.

By the way, if they can edit the /etc/security, mtree or related, then I
guess this (keeping specification on read-only) doesn't matter.

Also, you may want to look at configuring your specifications to contain more
attributes like sha1 digests and last modification time of the files.

   Jeremy C. Reed
   http://bsd.reedmedia.net/
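
Added example, not part of the original message and not mtree's own code: a small Python checker for a subset of the mtree specification format (full-path entries plus `/set` defaults), showing why the sha1 keyword matters when size and modification time have been restored after a change. The file name, contents and timestamp are constructed sample data.

```python
import hashlib, os, tempfile

def parse_spec(text):
    """Parse a subset of an mtree spec: './name key=val ...' lines and '/set'."""
    defaults, entries = {}, {}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        attrs = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if words[0] == "/set":
            defaults.update(attrs)
        elif not words[0].startswith("/"):
            entries[words[0]] = {**defaults, **attrs}
    return entries

def sha1_of(path):
    with open(path, "rb") as f:
        return hashlib.sha1(f.read()).hexdigest()

def verify(root, spec_text):
    """Return sorted (name, keyword) pairs that differ from the specification."""
    bad = []
    for name, attrs in parse_spec(spec_text).items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            bad.append((name, "missing"))
            continue
        st = os.stat(path)
        actual = {"size": str(st.st_size), "time": str(int(st.st_mtime)),
                  "sha1": sha1_of(path)}
        for key, value in actual.items():
            # time is stored as seconds.nanoseconds; compare whole seconds only
            if key in attrs and attrs[key].split(".")[0].lower() != value:
                bad.append((name, key))
    return sorted(bad)

def demo():
    """Constructed case: contents change, size and mtime are put back."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "passwd")
        with open(target, "wb") as f:
            f.write(b"root:*:0:0\n")
        os.utime(target, (1040000000, 1040000000))
        spec = ("/set type=file\n./passwd size=11 time=1040000000.0 sha1=%s\n"
                % sha1_of(target))
        clean = verify(root, spec)
        with open(target, "wb") as f:
            f.write(b"toor:*:0:0\n")  # same length as the original
        os.utime(target, (1040000000, 1040000000))
        return clean, verify(root, spec)
```

In `demo()` only the sha1 keyword reports the modified file; a specification limited to size and time would pass it.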