integrit-users Mailing List for integrit file verification system (Page 2)
Brought to you by:
ecashin
From: PolicyBoy <tno...@fr...> - 2007-05-07 16:25:26
I have an issue with Integrit 3.0.2 on OpenBSD 3.6. I have a script that runs fine when invoked manually from the command line as root. When it is invoked from root's crontab it produces an empty file. Any ideas? Here is the script.

    integreport=/root/integrit/jz.$(date +%m%d%y).output
    integrit -C /cdrom/integrit/iar_root.conf -c > $integreport
From: Yuri D'E. <wa...@yu...> - 2006-04-28 14:33:13
On Apr 28, 2006, at 15:26, MA wrote:

> How Integrit get the date of a file ?

with stat(2).

> Example:
>
> i-ls /bin/readlink
> return
> a(20060428-141828) m(20040716-133705) c(20060427-132832)

i-ls without arguments computes a checksum of the file, which updates atime. Use i-ls -s.

> this is m (modification) but how can I get a (access time) and c
> (creation
> time) ?

ctime is inode status change, not just creation. Try:

    $ i-ls -s file
    $ stat file
From: MA <kzc...@je...> - 2006-04-28 13:26:36
How does Integrit get the date of a file?

Example:

    i-ls /bin/readlink

returns

    a(20060428-141828) m(20040716-133705) c(20060427-132832)

    ls /bin/readlink -l --time-style=full-iso

returns

    2004-07-16 13:37:05

This is m (modification), but how can I get a (access time) and c (creation time)?

    ls /bin/readlink -lu --time-style=full-iso

returns

    2006-04-28 14:23:29

It doesn't match.
From: Yuri D'E. <wa...@yu...> - 2006-04-07 12:12:27
Hi all, an integrit 4.0 release candidate is available. Download it from

http://www.yuv.info/~wavexx/tmp/integrit-4.0.tar.gz
md5: cdab78fb9cfaadaa7ea2b042f5ce0f58

(or pull the sources from cvs directly). A list of changes relative to 4.0 can be found in the README's "NEW IN 4.0" section.

I'm interested in knowing if this:

http://sourceforge.net/mailarchive/forum.php?thread_id=9334037&forum_id=5752

still applies. My proposal is, if no feedback is received within some days, to release it. I was able to test the changes on linux, sgi, aix (modulo usual braindead configure whacking) and darwin.

Ed, whenever you want, tag the cvs, upload the tar to sf and make it public.
From: Zarcomm C. <co...@ma...> - 2006-03-08 18:17:32
Here's a little more info; I was wrong about what was being swapped with what, but the mtimes were definitely changed. Here's info on /sbin/adsl* files first, the database run:

    [root@system run]# ../sbin/i-viewdb -s ../db/system.cdb.new | egrep 'sbin/adsl' | egrep -v usr
    /sbin/adsl-setup i(1065172) p(755) l(1) u(0) g(0) z(12886) a(20060307-113619) m(20050221-091659) c(20060223-115000)
    /sbin/adsl-status i(1065174) p(755) l(1) u(0) g(0) z(2748) a(20060307-113619) m(20050221-091659) c(20060223-115000)
    /sbin/adsl-start i(1065173) p(755) l(1) u(0) g(0) z(6451) a(20060307-113619) m(20050221-091659) c(20060223-115000)
    /sbin/adsl-stop i(1065175) p(755) l(1) u(0) g(0) z(3030) a(20060307-113619) m(20050221-091659) c(20060223-115000)
    /sbin/adsl-connect i(1065171) p(755) l(1) u(0) g(0) z(10110) a(20060307-113619) m(20050221-091659) c(20060223-115000)

Next, some stat-s of files as they are now:

    [root@system run]# stat /sbin/adsl*
    File: `/sbin/adsl-connect'
    Size: 10110 Blocks: 32 IO Block: 4096 regular file
    Device: fd00h/64768d Inode: 1065171 Links: 1
    Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2006-03-07 23:10:58.000000000 -0800
    Modify: 2006-02-23 11:50:00.000000000 -0800
    Change: 2006-03-07 23:33:09.000000000 -0800
    File: `/sbin/adsl-setup'
    Size: 12886 Blocks: 40 IO Block: 4096 regular file
    Device: fd00h/64768d Inode: 1065172 Links: 1
    Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2006-03-07 23:10:55.000000000 -0800
    Modify: 2006-02-23 11:50:00.000000000 -0800
    Change: 2006-03-07 23:33:06.000000000 -0800
    File: `/sbin/adsl-start'
    Size: 6451 Blocks: 24 IO Block: 4096 regular file
    Device: fd00h/64768d Inode: 1065173 Links: 1
    Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2006-03-07 23:10:57.000000000 -0800
    Modify: 2006-02-23 11:50:00.000000000 -0800
    Change: 2006-03-07 23:33:09.000000000 -0800
    File: `/sbin/adsl-status'
    Size: 2748 Blocks: 16 IO Block: 4096 regular file
    Device: fd00h/64768d Inode: 1065174 Links: 1
    Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2006-03-07 23:10:55.000000000 -0800
    Modify: 2006-02-23 11:50:00.000000000 -0800
    Change: 2006-03-07 23:33:07.000000000 -0800
    File: `/sbin/adsl-stop'
    Size: 3030 Blocks: 16 IO Block: 4096 regular file
    Device: fd00h/64768d Inode: 1065175 Links: 1
    Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2006-03-07 23:10:57.000000000 -0800
    Modify: 2006-02-23 11:50:00.000000000 -0800
    Change: 2006-03-07 23:33:09.000000000 -0800
    [root@system run]#

This is just a web server--we don't use these programs.

Thanks again,

Alex

On Wed, 8 Mar 2006, Zarcomm Consulting wrote:

> Hello,
>
> I've got a Centos 4.2 box on which I installed integrit,
> made my first run thusly
>
> integrit -C twpol.txt -u
>
> then my first check maybe 20 minutes later thusly
>
> integrit -C twpol.txt -c
>
> and for some strange reason, a bunch of files that should
> not have been modified in any way were, these in /sbin
> being typical:
>
> changed: /sbin/adsl-setup m(20050221-091659:20060223-115000)
> changed: /sbin/adsl-status m(20050221-091659:20060223-115000)
> changed: /sbin/accton m(20050409-060012:20060223-114730)
> changed: /sbin/arping m(20050822-200907:20060223-113357)
> changed: /sbin/adsl-start m(20050221-091659:20060223-115000)
> changed: /sbin/adsl-stop m(20050221-091659:20060223-115000)
> changed: /sbin/alsactl m(20050823-030545:20060223-115252)
> changed: /sbin/adsl-connect m(20050221-091659:20060223-115000)
> changed: /sbin/avmcapictrl m(20050221-145316:20060223-114946)
>
> The new date-time is basically the installation date-time.
>
> Here's something useful:
>
> [root@system sbin]# ls -l | head
> total 16444
> -rwxr-xr-x 1 root root 6720 Feb 23 11:47 accton
> -rwxr-xr-x 1 root root 5244 Aug 21 2005 addpart
> -rwxr-xr-x 1 root root 10110 Feb 23 11:50 adsl-connect
> -rwxr-xr-x 1 root root 12886 Feb 23 11:50 adsl-setup
> -rwxr-xr-x 1 root root 6451 Feb 23 11:50 adsl-start
> -rwxr-xr-x 1 root root 2748 Feb 23 11:50 adsl-status
> -rwxr-xr-x 1 root root 3030 Feb 23 11:50 adsl-stop
> -rwxr-xr-x 1 root root 19988 Aug 21 2005 agetty
> -rwxr-xr-x 1 root root 35760 Feb 23 11:52 alsactl
>
> [root@system sbin]# ls -lu | head
> total 16444
> -rwxr-xr-x 1 root root 6720 Mar 7 23:10 accton
> -rwxr-xr-x 1 root root 5244 Mar 7 11:36 addpart
> -rwxr-xr-x 1 root root 10110 Mar 7 23:10 adsl-connect
> -rwxr-xr-x 1 root root 12886 Mar 7 23:10 adsl-setup
> -rwxr-xr-x 1 root root 6451 Mar 7 23:10 adsl-start
> -rwxr-xr-x 1 root root 2748 Mar 7 23:10 adsl-status
> -rwxr-xr-x 1 root root 3030 Mar 7 23:10 adsl-stop
> -rwxr-xr-x 1 root root 19988 Mar 7 11:36 agetty
> -rwxr-xr-x 1 root root 35760 Mar 7 23:10 alsactl
>
> [root@system sbin]# ls -lc | head
> total 16444
> -rwxr-xr-x 1 root root 6720 Mar 7 23:33 accton
> -rwxr-xr-x 1 root root 5244 Mar 7 23:30 addpart
> -rwxr-xr-x 1 root root 10110 Mar 7 23:33 adsl-connect
> -rwxr-xr-x 1 root root 12886 Mar 7 23:33 adsl-setup
> -rwxr-xr-x 1 root root 6451 Mar 7 23:33 adsl-start
> -rwxr-xr-x 1 root root 2748 Mar 7 23:33 adsl-status
> -rwxr-xr-x 1 root root 3030 Mar 7 23:33 adsl-stop
> -rwxr-xr-x 1 root root 19988 Mar 7 23:30 agetty
> -rwxr-xr-x 1 root root 35760 Mar 7 23:33 alsactl
>
> The config directive used for /sbin was
>
> /sbin pilugsrmzAC
>
>
> Anyways, hope I'm wrong, but please let me know what's going on.
>
>
> Thanks,
>
> Alex
From: Zarcomm C. <co...@ma...> - 2006-03-08 09:00:24
Hello,

I've got a Centos 4.2 box on which I installed integrit, made my first run thusly

    integrit -C twpol.txt -u

then my first check maybe 20 minutes later thusly

    integrit -C twpol.txt -c

and for some strange reason, a bunch of files that should not have been modified in any way were, these in /sbin being typical:

    changed: /sbin/adsl-setup m(20050221-091659:20060223-115000)
    changed: /sbin/adsl-status m(20050221-091659:20060223-115000)
    changed: /sbin/accton m(20050409-060012:20060223-114730)
    changed: /sbin/arping m(20050822-200907:20060223-113357)
    changed: /sbin/adsl-start m(20050221-091659:20060223-115000)
    changed: /sbin/adsl-stop m(20050221-091659:20060223-115000)
    changed: /sbin/alsactl m(20050823-030545:20060223-115252)
    changed: /sbin/adsl-connect m(20050221-091659:20060223-115000)
    changed: /sbin/avmcapictrl m(20050221-145316:20060223-114946)

The new date-time is basically the installation date-time.

Here's something useful:

    [root@system sbin]# ls -l | head
    total 16444
    -rwxr-xr-x 1 root root 6720 Feb 23 11:47 accton
    -rwxr-xr-x 1 root root 5244 Aug 21 2005 addpart
    -rwxr-xr-x 1 root root 10110 Feb 23 11:50 adsl-connect
    -rwxr-xr-x 1 root root 12886 Feb 23 11:50 adsl-setup
    -rwxr-xr-x 1 root root 6451 Feb 23 11:50 adsl-start
    -rwxr-xr-x 1 root root 2748 Feb 23 11:50 adsl-status
    -rwxr-xr-x 1 root root 3030 Feb 23 11:50 adsl-stop
    -rwxr-xr-x 1 root root 19988 Aug 21 2005 agetty
    -rwxr-xr-x 1 root root 35760 Feb 23 11:52 alsactl

    [root@system sbin]# ls -lu | head
    total 16444
    -rwxr-xr-x 1 root root 6720 Mar 7 23:10 accton
    -rwxr-xr-x 1 root root 5244 Mar 7 11:36 addpart
    -rwxr-xr-x 1 root root 10110 Mar 7 23:10 adsl-connect
    -rwxr-xr-x 1 root root 12886 Mar 7 23:10 adsl-setup
    -rwxr-xr-x 1 root root 6451 Mar 7 23:10 adsl-start
    -rwxr-xr-x 1 root root 2748 Mar 7 23:10 adsl-status
    -rwxr-xr-x 1 root root 3030 Mar 7 23:10 adsl-stop
    -rwxr-xr-x 1 root root 19988 Mar 7 11:36 agetty
    -rwxr-xr-x 1 root root 35760 Mar 7 23:10 alsactl

    [root@system sbin]# ls -lc | head
    total 16444
    -rwxr-xr-x 1 root root 6720 Mar 7 23:33 accton
    -rwxr-xr-x 1 root root 5244 Mar 7 23:30 addpart
    -rwxr-xr-x 1 root root 10110 Mar 7 23:33 adsl-connect
    -rwxr-xr-x 1 root root 12886 Mar 7 23:33 adsl-setup
    -rwxr-xr-x 1 root root 6451 Mar 7 23:33 adsl-start
    -rwxr-xr-x 1 root root 2748 Mar 7 23:33 adsl-status
    -rwxr-xr-x 1 root root 3030 Mar 7 23:33 adsl-stop
    -rwxr-xr-x 1 root root 19988 Mar 7 23:30 agetty
    -rwxr-xr-x 1 root root 35760 Mar 7 23:33 alsactl

The config directive used for /sbin was

    /sbin pilugsrmzAC

Anyways, hope I'm wrong, but please let me know what's going on.

Thanks,

Alex
From: Yuri <wa...@yu...> - 2005-12-06 18:22:44
Hi all,

I noted that the output of "new:" entries always include a "changed:" entry with a zeroed checksum. I think this is both useless and inconsistent. I'm willing to change it to a "new: s(...)" entry like "missing:" does.

Since this would be the only output change for integrit 4.0, I'm asking for opinions from users. Also, if you have any comments/proposals, that would be an ideal time for them (if time permits).

Thanks
From: Seb W. <sa...@mr...> - 2005-10-29 14:19:07
On Thu, 28 Oct 2004, Patrick Breucking wrote:

> after the update from Debian woody to sarge, my daily integrit prompts the
> following message:
...
> integrit (report_differences): Error: bad db entry for file (/)
> exit: 2

I got this too. From memory, I think I solved it by deleting the existing db 'known' db file, running integrit to build a new 'current' file, and copying that to the 'known' db file path. I guess the db file format changed between versions?

I think it's also the case that the default configuration in the sarge package no longer rotates yesterday's "current" to today's "known". In other words, once any differences are detected, they will be reported repeatedly every day until you overwrite 'known' with 'current' by hand (or modify the integrit cron script to do so automatically whenever a change has been reported, like it used to).

HTH,

Seb
From: Patrick B. <pat...@fe...> - 2005-10-28 08:51:58
Hi folks,

after the update from Debian woody to sarge, my daily integrit prompts the following message:

    start: integrit -C /etc/integrit/integrit.conf -cu
    integrit: ---- integrit, version 3.02 -----------------
    integrit: output : human-readable
    integrit: conf file : /etc/integrit/integrit.conf
    integrit: known db : /var/lib/integrit/known.cdb
    integrit: current db : /var/lib/integrit/current.cdb
    integrit: root : /
    integrit: do check : yes
    integrit: do update : yes
    integrit (report_differences): Error: bad db entry for file (/)
    exit: 2

I searched google and mailing list archives, but didn't find a sophisticated solution. Can anybody help me?

Best regards,

Patrick Breucking
patrick.breucking {at} fernuni-hagen.de
From: Yuri <wa...@yu...> - 2005-10-24 20:43:20
> Zhan Zhaohua <webpurchasing <at> yahoo.com> writes:

Hi Zhan Zhaohua,

I've seen nobody responded so I drop in. I've worked a bit on integrit recently, I will try to answer what I can.

> 1. We know the Integrit is written in C. Does it have
> C API?
> We select the document and source code, but we
> always not sure whether Integrit has C API to use.
> Maybe we need change the source code for our need. We
> know the Integrit is GPL. :)
>
> 2. Because we will use it at many way so we want to
> know whether Integrit support C++/Java API, or the
> other language?

No, and yes.

No because integrit does not officially have a documented api except for the command line utility.

Yes because an internal api is used by the i-ls and i-viewdb utilities to access and stat files produced by integrit. The code is clearly separated, and thus tailoring integrit to your needs should be easy. This is still not documented and subject to change though, so it depends on your needs.

The output format instead is clearly documented and will remain consistent across releases.

> 3. This question is about Integrit's size. Could
> you tell us how about its program size and the size
> when executing it.

You can better verify it by yourself. integrit runtime execution speed and size is mostly cdb's speed, which is rather conservative. Please see:

http://cr.yp.to/cdb.html

Currently integrit grows up to 6mb of real (22mb virtual) memory to scan approx 250k files on linux. Each record takes ~230 bytes on the final db.

> 4. When compiler the source code which library is
> necessary?

A C compiler and a posix system. No external libraries are required.
From: Zhan Z. <web...@ya...> - 2005-10-19 02:54:51
Dear,

We compare the File Integrity Verification under the linux which we plan to use in our Linux-Embedded system. The API information of each software is disillusionary. Most software doesn't have an API specifically. So we will need the other method to use them for our plan.

We will really appreciate your help if you could help us find the answers to the following questions:

1. How about its program size and the size when executing it? Because we want to use it by exec function, so the size of integrit is important. And we want to know whether the TLP could be executed by the command such as exec. Whether it will control by one Process. Whether we could use own license of the program which execute integrit by the command line to replace GPL.

2. If integrit couldn't be executed by the command such as exec, so whether it will have the UI to execute through other program.

Maybe some of questions are not suitable, but any information will help us a lot.

Thank you very much again! Wish a successful further cooperation!

Best regards

Zhan Zhaohua
2005.10.19
From: Zhan Z. <web...@ya...> - 2005-10-11 05:39:37
Dear Ron Forreste:

Our organization compare the normal information of File Verification under the linux. And we find the Integrit maybe more suit our plan. But now we must compare some technical question to decide which software will be used in our project which is a Linux-Embedded system and will be sold as products in the market.

We will really appreciate your help if you could help us find the answers to the following questions:

1. We know the Integrit is written in C. Does it have C API? We select the document and source code, but we always not sure whether Integrit has C API to use. Maybe we need change the source code for our need. We know the Integrit is GPL. :)

2. Because we will use it at many way so we want to know whether Integrit support C++/Java API, or the other language?

3. This question is about Integrit's size. Could you tell us how about its program size and the size when executing it.

4. When compiler the source code which library is necessary?

Maybe some of questions are not suitable, but any information will help us a lot.

Thank you very much again! Wish a successful further cooperation!

Best regards

Zhan Zhaohua
2005.10.11
From: Ed L. C. <ec...@gm...> - 2005-09-22 19:43:56
On 9/21/05, Tian WenQiang <web...@ya...> wrote:

> Dear,
>
> Our organization is planning a big project which
> is a Linux-Embedded system and will be sold as
> products in the market.

Will it use the GPL for licensing?

> It is necessary for us to choose a File
> Verification product. From internet, we found your
> File Verification product -- integrit, and we are very
> interested in it, so we have a few important questions
> to ask though some of the answers to them
> might be found in your website, but we are a little
> afraid whether the information might be out-of-date.

Most of the information should be good. Let me know if you find out of date info.

> We will really appreciate your help if you could
> help us find the answers to the following questions:
>
> 1. Who or which group is the author of integrit? And
> which develop mode of the integrit ? For Example: 1
> manager,2 developer ...

I wrote it originally, and other people have contributed. Lately Chris Johns and Yuri D'Elia have performed a lot of development.

> 3. Which test method of the integrit? (I find the
> test scripts in the src code.Is it used the test
> scripts in the development.)

Yes, there's the "make test" target. We also rely on feedback from users, since the developers don't have access to all the platforms on which integrit runs.

> 4. Which Company or person provide the commercially
> support? And how much does it cost?

I am not aware of any company offering integrit support for pay.

> 5 How about manage the Bug? Because we couldn't find
> the bug records on the
> http://integrit.sourceforge.net/ or
> http://sourceforge.net/projects/integrit/

I took the web forums offline because the mailing lists are good central places for bug reports.

--
Ed L. Cashin <ec...@no...>
From: Tian W. <web...@ya...> - 2005-09-22 02:43:05
Dear,

Our organization is planning a big project which is a Linux-Embedded system and will be sold as products in the market.

It is necessary for us to choose a File Verification product. From internet, we found your File Verification product -- integrit, and we are very interested in it, so we have a few important questions to ask though some of the answers to them might be found in your website, but we are a little afraid whether the information might be out-of-date.

We will really appreciate your help if you could help us find the answers to the following questions:

1. Who or which group is the author of integrit? And which develop mode of the integrit ? For Example: 1 manager, 2 developer ...

3. Which test method of the integrit? (I find the test scripts in the src code. Is it used the test scripts in the development.)

4. Which Company or person provide the commercially support? And how much does it cost?

5. How about manage the Bug? Because we couldn't find the bug records on the http://integrit.sourceforge.net/ or http://sourceforge.net/projects/integrit/

Maybe some of questions are not suitable, but any information will help us a lot.

Thank you very much again! Wish a successful further cooperation!

Best regards

Zhan Zhaohua
2005.9.22
From: Ed L. C. <ec...@gm...> - 2005-09-14 13:28:02
On 9/14/05, Ed L. Cashin <ec...@gm...> wrote:
...
> I haven't heard
> any news like that for SHA-1, but I'd be interested to
> see any.

Google is my friend.

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

--
Ed L. Cashin <ec...@no...>
From: Ed L. C. <ec...@gm...> - 2005-09-14 13:25:10
On 9/14/05, Franky Van Liedekerke <lie...@te...> wrote:
...
> SHA seems to be pretty much broken as well, so you might wanna try AES or
> something alike ...

By broken I mean that people can find real collisions today in a practical amount of time (not, e.g., millennia). I haven't heard any news like that for SHA-1, but I'd be interested to see any.

--
Ed L. Cashin <ec...@no...>
From: Ed L. C. <ec...@gm...> - 2005-09-14 03:58:48
Hi, all. There's been a new release of integrit that includes changes from two developers, Chris Johns and Yuri D'Elia. Thanks very much to these two for helping to keep integrit simple, stable, and useful.

It occurs to me to mention on this happy occasion that a helpful goal for the next integrit release is the removal of the use of md5 in integrit. The md5 algorithm has been pretty thoroughly broken within the past year or two, and so using SHA1 exclusively would be a good move.

Here are the changes for 3.05.

3.05 changes:

Document Chris Johns changes and update Makefile targets for developers.

3.04 changes:

Applied patches from Yuri D'Elia:

- configure.in: Added some checks whether -static (or other flags) can be used. Under at least OSX (and possibly open darwin) -static cannot be used. This patch fixes the build on those systems.
- elcwft.c: reorganized the walk loop. Ignored directories are now _really_ ignored (that is, no more "cannot open directory").
- gnupg/md5.c: fixed broken macro for big endian systems under certain compilers.
- other fixes: Assume checksums to be unsigned char as required by gnupg/* (eliminates a dozen of warnings).

Changes from Chris Johns:

Remove the "filetype" change type, and replace it with a new "type" inode change. So now integrit keeps the S_IFMT mode bits, in the same way to the permission bits from the file mode, and hence any change to file type gets flagged in the "stat" change type.

Add a new "devicetype" element in the "stat" change type, to detect when a character or block special file changes major/minor number.

Finally, treat symbolic links similarly to regular files, in that integrit computes an SHA-1 checksum for them, but not for the file contents, but rather for the name in the symlink (using readlink()). Then, if a file remains a symlink, but points to a different target, that's flagged as an "SHA-1" change to the file.

Note that the database itself is not affected by this change, since it contains a 'struct stat' and an SHA-1 checksum string already. The code simply uses the existing database contents differently now.

--
Ed L. Cashin <ec...@no...>
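The three checks listed under "Changes from Chris Johns" (file-type bits, device major/minor, SHA-1 of the symlink's target name), sketched in Python as an added example. This is not integrit's code and does not read its cdb database; `fingerprint`, `snapshot`, `compare` and `demo` are names made up for the illustration, and the files it creates are constructed in a temporary directory.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Describe `path` itself using lstat(), so a symlink is never followed."""
    st = os.lstat(path)
    entry = {"type": stat.S_IFMT(st.st_mode), "sha1": None, "rdev": None}
    if stat.S_ISLNK(st.st_mode):
        # Hash the name stored in the link, not the contents of its target.
        entry["sha1"] = hashlib.sha1(os.fsencode(os.readlink(path))).hexdigest()
    elif stat.S_ISREG(st.st_mode):
        # O_NOFOLLOW: fail instead of following if the name became a symlink
        # between the lstat() above and this open().
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
        digest = hashlib.sha1()
        with os.fdopen(fd, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        entry["sha1"] = digest.hexdigest()
    elif stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
        entry["rdev"] = (os.major(st.st_rdev), os.minor(st.st_rdev))
    return entry


def snapshot(root):
    """Fingerprint every entry under root; os.walk does not descend into symlinks."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = fingerprint(full)
    return db


def compare(known, current):
    """Return sorted (kind, path, what) tuples describing the differences."""
    report = []
    for path in sorted(known.keys() | current.keys()):
        if path not in current:
            report.append(("missing", path, None))
        elif path not in known:
            report.append(("new", path, None))
        else:
            for key in ("type", "sha1", "rdev"):
                if known[path][key] != current[path][key]:
                    report.append(("changed", path, key))
    return report


def demo():
    """Constructed scenario: retarget one symlink, swap a regular file for a symlink."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "v1"))
        os.mkdir(os.path.join(root, "v2"))
        os.symlink("v1", os.path.join(root, "current"))
        with open(os.path.join(root, "conf"), "w") as fh:
            fh.write("mode=strict\n")
        known = snapshot(root)

        os.remove(os.path.join(root, "current"))
        os.symlink("v2", os.path.join(root, "current"))  # still a symlink, new target
        os.remove(os.path.join(root, "conf"))
        os.symlink("v1", os.path.join(root, "conf"))     # regular file became a symlink
        return compare(known, snapshot(root))


if __name__ == "__main__":
    for row in demo():
        print(row)
```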
From: Ed L. C. <ec...@gm...> - 2005-05-24 00:30:09
On 5/23/05, Alex Gottschalk <ago...@le...> wrote:

> Thanks for your reply. I'm looking at the latest version (3.02), and
> the documentation refers to checking the mode on symlinks, but it
> doesn't say whether it will follow or dereference directory symlinks.

Hmm. I can't remember. Hopefully the documentation at least implies that. As far as integrit is concerned, symlinks are just files right where they are. They're not followed.

> I'd say this is an important piece of information for a filesystem tool.

Yes, I agree.

--
Ed L. Cashin <ec...@no...>
From: Alex G. <ago...@le...> - 2005-05-24 00:10:43
Thanks for your reply. I'm looking at the latest version (3.02), and the documentation refers to checking the mode on symlinks, but it doesn't say whether it will follow or dereference directory symlinks. I'd say this is an important piece of information for a filesystem tool.

Thanks for your help.

--Alex

On Mon, 2005-05-23 at 17:43 -0400, Ed L. Cashin wrote:

> On 5/23/05, Alex Gottschalk <ago...@le...> wrote:
> > I've read through the FAQ and documentation for integrit, and I haven't
> > been able to find any information regarding how it deals with symlinks.
>
> That is strange, unless you are looking at an
> obsoleted version.
>
> There's a new version coming out soon that changes
> symlink behavior, I think. You can probably see the
> changes by browsing CVS from the sourceforge project
> page.
>
> > Also, can I have default ignore policy for a directory, and then
> > re-include specific sub-directories?
>
> I think that feature was not included because you could
> just create a config file for each subdirectory, using
> scripts if necessary.
>
> I'll be very busy this week, but you can try the
> integrit mailing list if you have any other questions.
>

--
Alex Gottschalk          ago...@le...
IT Manager/Sysadmin      Office: (415) 357-7635
LetsTalk.com             Cell: (415) 517-4982
From: Alex G. <ago...@le...> - 2005-05-23 21:47:48
I'm getting an error when I try to view my new checksum db.

    # i-viewdb integrit-test.cdb.new
    / i(2) p(755) l(20) u(0) g(0) z(4096) a(19691231-160008) m(20050524-055705) c(20050512-171104)
    /usr i(2) p(755) l(17) u(0) g(0) z(4096) a(19691231-160008) m(20050524-055705) c(20050520-145251)
    /usr/share i(292609) p(755) l(147) u(0) g(0) z(4096) a(19691231-160008) m(20050524-055705) c(20040923-151951)
    /usr/bin i(1040385) p(755) l(2) u(0) g(0) z(36864) a(19691231-160112) m(20050524-055705) c(20050520-145251)
    integrit (viewdb): Error: bad entry (too big value) in DB (integrit-foohost.cdb.new)

So what's the deal here?

Thanks!

--Alex

--
Alex Gottschalk          ago...@le...
IT Manager/Sysadmin      Office: (415) 357-7635
LetsTalk.com             Cell: (415) 517-4982
From: Ed L. C. <ec...@gm...> - 2005-05-23 21:43:17
On 5/23/05, Alex Gottschalk <ago...@le...> wrote:

> I've read through the FAQ and documentation for integrit, and I haven't
> been able to find any information regarding how it deals with symlinks.

That is strange, unless you are looking at an obsoleted version.

There's a new version coming out soon that changes symlink behavior, I think. You can probably see the changes by browsing CVS from the sourceforge project page.

> Also, can I have default ignore policy for a directory, and then
> re-include specific sub-directories?

I think that feature was not included because you could just create a config file for each subdirectory, using scripts if necessary.

I'll be very busy this week, but you can try the integrit mailing list if you have any other questions.

--
Ed L. Cashin <ec...@no...>
From: Alex G. <ago...@le...> - 2005-05-23 21:16:08
I've read through the FAQ and documentation for integrit, and I haven't been able to find any information regarding how it deals with symlinks.

Also, can I have default ignore policy for a directory, and then re-include specific sub-directories?

Thanks!

--
Alex Gottschalk          ago...@le...
IT Manager/Sysadmin      Office: (415) 357-7635
LetsTalk.com             Cell: (415) 517-4982
From: Ed L. C. <ec...@gm...> - 2005-04-23 20:26:19
On 4/23/05, Antoine <abo...@ya...> wrote:

> Thanks for the code. I'm not very familiar with sed so
> I rewrote it in perl as below. This one is tested and
> works. :)

Thanks for posting that. Mine didn't do groups, just uid.

--
Ed L. Cashin <ec...@no...>
From: Antoine <abo...@ya...> - 2005-04-23 13:40:45
Thanks for the code. I'm not very familiar with sed so I rewrote it in perl as below. This one is tested and works. :)

    #!/usr/bin/perl
    # Read integrit output on stdin and restore the old owner/group of changed files.
    while( <STDIN> )
    {
        # keep only "changed:" lines; $1 is the file name, the fields stay in $_
        next unless s/^changed: (.*) //;
        $filename = $1;
        # each field looks like x(old:new); $2 is the old (known good) value
        while( /([a-z])\(([\d-]+):([\d-]+)\)/g )
        {
            $1 eq "u" and run( "chown", $2, $filename );
            $1 eq "g" and run( "chgrp", $2, $filename );
        }
    }

    sub run
    {
        print( "@_\n" );
        # list form of system() runs the command directly, without a shell
        system( @_ ) and die "command failed";
    }

--- "Ed L. Cashin" <ec...@gm...> wrote:

> It does sound like something that could be
> scripted with a little sed. I don't usually post
> untested scripts, but this is just to convey a
> general approach ...
From: Ed L. C. <ec...@gm...> - 2005-04-22 15:25:32
On 4/22/05, Antoine <abo...@ya...> wrote:
...
> So I'm looking for a script that can parse the changes
> output by integrit and revert the affected files to
> the last known good state. Maybe someone here had to
> write such a thing in the past or can point me in the
> right direction? A quick web search didn't yield
> anything.

It does sound like something that could be scripted with a little sed. I don't usually post untested scripts, but this is just to convey a general approach ...

    while IFS= read -r line; do
        # old (known good) uid from the "u(old:new)" field of a "changed:" line
        uid="`printf '%s\n' "$line" | sed -n '/^changed:/s/.* u[(]\([^:][^:]*\):.*/\1/p'`"
        test "$uid" || continue
        # file name: drop the "changed: " prefix and everything from the first space on
        fnam="`printf '%s\n' "$line" | sed -e 's!^changed: !!' -e 's!  *.*!!'`"
        chown "$uid" "$fnam"
    done

Whitespace in filenames will break the script.

--
Ed L. Cashin <ec...@no...>
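An added example, not from either poster: the same owner/group revert written so that file names containing whitespace or shell metacharacters are handled, by peeling the `x(old:new)` fields off the right-hand end of each line and calling `lchown` directly instead of building a command string. It assumes report lines of the form `changed: <path> <field>(<old>:<new>) ...` as quoted elsewhere on this page; the sample report is constructed and the function names are made up for the illustration.

```python
import os
import re

# One trailing "x(old:new)" field, e.g. "u(0:33)" or
# "m(20050221-091659:20060223-115000)".
FIELD = re.compile(r"\s+([A-Za-z])\(([^():\s]*):([^():\s]*)\)$")

# Constructed sample report (not output from a real run).
SAMPLE_REPORT = [
    "integrit: ---- integrit, version 3.02 -----------------",
    "changed: /sbin/adsl-setup   m(20050221-091659:20060223-115000)",
    "changed: /srv/www/site/index.html   u(0:33) g(0:33)",
    "changed: /home/alex/My Documents/notes.txt   u(1000:0)",
    "changed: /srv/upload/a;b $(c).txt   g(100:0)",
]


def parse_changed(line):
    """Return (path, {field: (old, new)}) for a 'changed:' line, else None."""
    line = line.rstrip("\r\n")
    if not line.startswith("changed: "):
        return None
    rest = line[len("changed:"):]
    fields = {}
    # Strip fields from the right; whatever is left is the path, spaces included.
    # A path that itself ends in " x(a:b)" is ambiguous and is misread as a field.
    while True:
        m = FIELD.search(rest)
        if m is None:
            break
        fields[m.group(1)] = (m.group(2), m.group(3))
        rest = rest[:m.start()]
    path = rest.lstrip(" ")
    if not path or not fields:
        return None
    return path, fields


def old_id(field):
    """Known-good numeric id from an (old, new) pair; -1 means 'leave unchanged'."""
    if field is None:
        return -1
    old = field[0]
    if not re.fullmatch(r"[0-9]+", old):
        raise ValueError("non-numeric id in report: %r" % old)
    return int(old)


def ownership_plan(report_lines):
    """List (path, uid, gid) tuples that restore the old owner and group."""
    plan = []
    for line in report_lines:
        parsed = parse_changed(line)
        if parsed is None:
            continue
        path, fields = parsed
        uid, gid = old_id(fields.get("u")), old_id(fields.get("g"))
        if uid != -1 or gid != -1:
            plan.append((path, uid, gid))
    return plan


def apply_plan(plan, dry_run=True):
    """Apply the plan without a shell; returns the number of entries handled."""
    handled = 0
    for path, uid, gid in plan:
        if dry_run:
            print("would lchown uid=%d gid=%d %r" % (uid, gid, path))
        else:
            # Change the entry itself, never the target of a symlink.
            os.chown(path, uid, gid, follow_symlinks=False)
        handled += 1
    return handled


if __name__ == "__main__":
    apply_plan(ownership_plan(SAMPLE_REPORT))
```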