integrit-users Mailing List for integrit file verification system (Page 8)
Brought to you by:
ecashin
|
From: Cott L. <co...@in...> - 2001-10-15 22:48:26
|
AUX is a device. :)

----- Original Message -----
From: Rodney Lancaster
To: int...@li...
Sent: Monday, October 15, 2001 3:35 PM
Subject: [Integrit-users] Windows 2K port?

I have done a quick attempt to see if Integrit will work on Win2000
using Cygwin to give me the GNU compiler and POSIX compliance.
Surprisingly the only problem (which is a show stopper) has nothing to
do with Integrit or Cygwin. The problem is that MS has a "special" file
called "aux" in every directory that does not show up even when you ask
for Hidden and System files. Just try to create a directory on a Win2K
box named "aux". When you try you get the message "A file with the name
specified already exists. Specify a different filename."

The place I work would not mind me using Integrit if there can be a
port for Win2K (ugh). We are primarily a Solaris and Windows Shop.

Would it be too hard to rename the "aux" directory to "auxiliary" or
something else? If not I'll be glad to go through the code and make the
changes to check it out. It would be interesting to have a GPL integrity
checker that at least partway works on a Win2K environment. (Oh, I can't
believe I am saying this).

Rodney V. Lancaster
|
|
From: Rodney L. <rla...@ve...> - 2001-10-15 22:36:00
|
I have done a quick attempt to see if Integrit will work on Win2000
using Cygwin to give me the GNU compiler and POSIX compliance.
Surprisingly the only problem (which is a show stopper) has nothing to
do with Integrit or Cygwin. The problem is that MS has a "special" file
called "aux" in every directory that does not show up even when you ask
for Hidden and System files. Just try to create a directory on a Win2K
box named "aux". When you try you get the message "A file with the name
specified already exists. Specify a different filename."

The place I work would not mind me using Integrit if there can be a
port for Win2K (ugh). We are primarily a Solaris and Windows Shop.

Would it be too hard to rename the "aux" directory to "auxiliary" or
something else? If not I'll be glad to go through the code and make the
changes to check it out. It would be interesting to have a GPL integrity
checker that at least partway works on a Win2K environment. (Oh, I can't
believe I am saying this).

Rodney V. Lancaster
|
|
From: Ed L C. <ec...@te...> - 2001-10-12 16:04:08
|
RD...@ga... (Mr. Ross Druker) writes:
> On Oct 11, 4:19pm, Ed L Cashin wrote:
>
> > Thanks very much for your help and cooperation. If you get GNU make
> > for HP-UX, let me know how things go! :)
> I installed gmake and started over. It compiled cleanly. (Still
> got the same couple of warning messages I sent in my first note.)
Do you mean that the errors were exactly this:
>>> making library for shared integrit code: make -f integrit.mak libintegrit.a
gcc -g -Wall -O2 -c cdb_seq.c
cdb_seq.c:20: config.h: No such file or directory
cdb_seq.c:31: #error No stdint.h or inttypes.h found.
In file included from cdb_seq.c:37:
packint.h:45: #error Unsupported byte order
packint.h:58: #error Unsupported byte order
*** Error exit code 1
? If so, I'm surprised, since that means that using gmake did not
change the way the makefile was being parsed, which is unlikely.
> It still alternates dumping core or generating the same error when I
> use -c and -u together. :-(
That is the problem that sounds like the byte-order being wrong. It
would happen if you are seeing the warnings above.
Let's make use of the integrit-users list. There may be some HP-UX
users there who have experience building integrit there. Here's the
link again for your convenience:
http://lists.sourceforge.net/lists/listinfo/integrit-users
--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-10-02 19:43:20
|
Forrest Aldrich <fo...@fo...> writes:

> Are you going to update the FreeBSD port?

The FreeBSD port maintainer might. I am not he, though. You could
probably get more info by contacting the maintainer listed here:

  http://www.freebsd.org/ports/security.html#integrit-2.01.01

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-09-19 01:37:16
|
The new version has a new FAQ entry on trailing slashes. The build
process will not fail when install-info isn't found -- a warning is
issued instead.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-09-14 21:35:46
|
(Cc'ed to integrit-users mailing list. For more info, see:
http://sourceforge.net/mail/?group_id=15369)

gr...@cl... writes:

> Hello
>
> I'm trying to use integrit, and being a beginner at unix administration,
> I'm puzzled with a small problem :
>
> each time I run integer, I got a different checksum

I assume you typed "integer" but meant to type "integrit".

> I compiled integrit with no problem. I tried to "integritize" first
> /usr/bin, then /root.
>
> If I run integrit -c -u twice in a row, I got different checksums.
>
> What am I doing wrong?

Nothing. By the subject of your email, I suppose you are referring to
the MD5 checksum printed at the end of the report. That is the checksum
of the new integrit database.

Since a new integrit database is generated every time you run integrit
with the "-u" option, the new database is different every time.
Therefore, the MD5 checksum of the new database will be different every
time.

The only time you should be concerned is when the MD5 checksum of the
new database doesn't match the one in the last integrit report. That
means that someone may have tampered with the new database.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-09-13 00:02:16
|
(Cc'ed to the integrit-users mailing list. For info, see:
http://sourceforge.net/mail/?group_id=15369)

Raúl Núñez de Arenas Coronado <der...@ja...> writes:

> Hello Ed :))
>
> First of all: thanks for integrit. It's a very good job :)

Thanks! I like it too.

> I don't use it for security reasons, since I don't have sensitive
> information and nobody's gonna tamper my home PC anyway ;)). I use it
> because I had a not very reliable hard disk and I wanted to check if
> all my binary data remained incorrupted. Now I have a new disk, but
> I'm used to integrit and now, after a fsck, I perfectly know if any
> file has been broken by the power failure and the like. Simply
> fantastic :))

I've heard about several interesting ways people have been using
integrit. One sysadmin liked using it to find out what the users and
developers were doing on a box he inherited.

> But let's go to the matter: I think that I've discovered a bug in
> integrit. Being sincere, I haven't had enough time to take a look at
> the sources, and so I don't know if it's a known bug. Well, the thing
> is that I get a segfault when running integrit, and I've isolated the
> problem: the proc filesystem.

You can't run integrit on the /proc filesystem because it's really not
a filesystem but an interface to the kernel. Mucking with that
interface as root results in behavior that varies from platform to
platform.

> I have a rule in the config file saying "!/proc/", *with* the
> trailing slash, and it seems that this way /proc is recursed :?? When
> I remove that slash then integrit runs ok.

That's because integrit is simple: there is no directory named
"/proc/". Your rule won't apply to "/proc" (which does exist) but
rather to "/proc/" (which probably doesn't).

For 2.03.01, I added a note to the documentation that makes this
explicit, but I think I'm going to add this to the FAQ and the web
page.

> Even if the problem is that slash, meaning that the subdirs at
> /proc/ get checked, or if the user wants /proc checked, or if the
> user by mistake forgets to include the rule excluding /proc of the
> running, the program shouldn't crash with a segfault, don't you think
> so?

Not in principle. Like I said above, mucking with the kernel is not
something integrit is designed to do, so if you run integrit on /proc
the results are "undefined".

However, a bugfix in 2.03 might coincidentally fix the crashing. If the
crashes occur because of failed reads after successful opens, then the
bugfix will eliminate those crashes. So reports Robert Weber.

...

> I think that the segfault is due to the use of 'mmap()', and if
> so the only way of getting rid of it is to disable 'mmap()' at
> compile time. If this is the case, please excuse me for this bug
> report: obviously integrit cannot fix anything.

I suspect the segfault isn't an mmap thing.

> Well, thanks a lot for such a good program, and if you need more
> information for investigating the bug please don't doubt contacting
> me. And excuse my poor english: I come from Spain.

Your message was very readable. Thank you for the feedback.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-09-11 16:30:37
|
<lie...@pa...> writes:

> There seems to be a file missing: install-info. Here is the error I get
> when typing "make install"
>
> >>> installing documentation: cd doc && make install
> installing manpage i-ls.1 in /opt/integrit-2.03/man/man1
> installing manpage i-viewdb.1 in /opt/integrit-2.03/man/man1
> installing manpage integrit.1 in /opt/integrit-2.03/man/man1
> installing integrit in /opt/integrit-2.03/info
> install-info --dir-file=/opt/integrit-2.03/info/dir
> --info-file=/opt/integrit-2.03/info/integrit
> sh: install-info: not found
> *** Error code 1
> make: Fatal error: Command failed for target `install'
> Current working directory /tmp/integrit-2.03/doc
> *** Error code 1
> make: Fatal error: Command failed for target `install'
>
> Maybe a hint to get around this?

[on lunch]

Yeah, I was afraid of that. I want integrit to be GNU-compliant, so a
couple versions ago I switched the docs over to texinfo. Texinfo's
great once you stop reading the texinfo manual and look at someone
else's texinfo sources. ;)

Now we've got nicer docs, e.g., there's HTML and PostScript version of
the documentation that's generated directly from the texinfo:

  http://integrit.sourceforge.net//texinfo/integrit.html
  http://integrit.sourceforge.net//texinfo/integrit.ps

... but the installation of the documentation now depends on the user
having install-info, which is a binary program that's part of the GNU
info distribution. For example, here's a RedHat machine I use:

  ecashin@ping build$ rpm -qf /sbin/install-info
  info-4.0-15

It's in sbin, so it should be in root's path if you do a "su - ", *if*
you've got info installed. If not, get info, install it, make sure
install-info is in root's path, and then everything should work.

To be thorough, I should add configure support for install-info so that
the configure script and the Makefile will say something helpful if
they can't find install-info.

Thanks very much for the feedback.

If I can't fix this correctly yet, I should at least warn the user and
continue the build upon the failure of the install-info step.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: <lie...@pa...> - 2001-09-11 08:42:37
|
There seems to be a file missing: install-info. Here is the error I get
when typing "make install"

>>> installing documentation: cd doc && make install
installing manpage i-ls.1 in /opt/integrit-2.03/man/man1
installing manpage i-viewdb.1 in /opt/integrit-2.03/man/man1
installing manpage integrit.1 in /opt/integrit-2.03/man/man1
installing integrit in /opt/integrit-2.03/info
install-info --dir-file=/opt/integrit-2.03/info/dir --info-file=/opt/integrit-2.03/info/integrit
sh: install-info: not found
*** Error code 1
make: Fatal error: Command failed for target `install'
Current working directory /tmp/integrit-2.03/doc
*** Error code 1
make: Fatal error: Command failed for target `install'

Maybe a hint to get around this?

Franky
|
|
From: Ed C. <ec...@te...> - 2001-09-11 01:19:36
|
Hi. Spurred on by a nice bug report, I released a new stable version of
integrit tonight. The main improvements are a significant bugfix and
additions to the documentation.

Thanks to everyone who made suggestions for the documentation and
helped look for bugs.

Here is a link to the changelog section for this release:

  http://sf.net/project/shownotes.php?release_id=52326

--
Ed L Cashin <ec...@te...>
|
|
From: Ed L C. <ec...@te...> - 2001-08-31 20:10:00
|
matt <ma...@ci...> writes:

...

> 1/- what you specify as root is then checked recursively with all
> checks. You remove what you don't want checked, rather than add stuff
> that you do.

Yes, that's correct. I'll make a note to make sure that's clear in the
docs.

> 2/- trailing slashes on checkset destinations result in nothing
> being checked.

Trailing slashes are not possible in a real UNIX filename or directory
name. I'll check whether the docs warn against adding them.

> 3/- prefixes cannot be overridden.

Right.

> I think that the root.conf example in the examples directory should
> be changed, as it specifies at least 3 checksets that won't ever
> do anything because of point 3:
>
> $ sed -n 58,62p examples/root.conf
> =/var/spool
> /var/log SIMC
> /var/spool/cron SIMC
> =/var/spool/mqueue
> /var/spool/mail SIMC

That's a good point. If you would like to send a patch to
integrit-devel, here's a helpful way to do it:

  wget http://prdownloads.sourceforge.net/integrit/integrit-2.02.02-beta.tar.gz
  tar xvfz integrit-2.02.02-beta.tar.gz
  cp integrit-2.02/examples/root.conf integrit-2.02/examples/root.conf.dist
  vi integrit-2.02/examples/root.conf
  diff -u integrit-2.02/examples/root.conf.dist integrit-2.02/examples/root.conf > root.conf-patch

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-08-31 20:03:16
|
<tw...@it...> writes:

> I am currently ignoring the log directory /var/log with integrit because I
> could not get it to give me reasonable output. That is to say every option
> I tried returned data every day.
>
> For now I have disabled any integrit checking of /var/log altogether.
>
> Basically I was wondering if anyone had a rule for /var/log that checked
> for a few things but did not have so many false positives.

The example root.conf configuration file in the "examples" directory of
the source distribution includes this configuration, which I find
helpful:

  /var/log SIMC

But you can figure that out yourself: if integrit gives you output you
don't need, just look at what kind of output it is and then make a rule
that ignores it specifically.

For example, if the checksum (s), inode number (i), modification (m)
and change (c) times always change, then you know you need the above
rule to turn off those checks.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: <tw...@it...> - 2001-08-30 15:58:08
|
I am currently ignoring the log directory /var/log with integrit because I
could not get it to give me reasonable output. That is to say every option
I tried returned data every day.

For now I have disabled any integrit checking of /var/log altogether.

Basically I was wondering if anyone had a rule for /var/log that checked
for a few things but did not have so many false positives.

Cheers,
Terrence
|
|
From: matt <ma...@ci...> - 2001-08-30 09:12:24
|
Ed,
thanks for the help, and the pointer to the examples directory - don't
know why I didn't think to check there.
I think I'm beginning to grok it now. However, here are some things
you may be able to clarify for me:
1/- what you specify as root is then checked recursively with all
checks. You remove what you don't want checked, rather than add stuff
that you do.
2/- trailing slashes on checkset destinations result in nothing being
checked.
3/- prefixes cannot be overridden.
I think that the root.conf example in the examples directory should
be changed, as it specifies at least 3 checksets that won't ever
do anything because of point 3:
$ sed -n 58,62p examples/root.conf
=/var/spool
/var/log SIMC
/var/spool/cron SIMC
=/var/spool/mqueue
/var/spool/mail SIMC
Thanks
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
=~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
|
|
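The two configuration pitfalls raised in this thread (a rule path written with a trailing slash, as in "!/proc/", and rules placed beneath a "!" or "=" rule, as in the root.conf lines quoted above) can be caught before a run. The linter below is an added example, not code from integrit or from any poster; it assumes paths contain no whitespace, that "=" prunes rules below it the same way "!" does, and that rule order does not matter.

```python
import posixpath
import re

# Constructed sample, assembled from rule fragments quoted in this thread.
SAMPLE_CONF = """\
root=/
known=/root/integrit/known.db
current=/root/integrit/current.db
!/proc/
=/var/spool
/var/log SIMC
/var/spool/cron SIMC
=/var/spool/mqueue
/var/spool/mail SIMC
! /tmp
"""

# Optional prefix, optional blanks, an absolute path, optional switches.
RULE_RE = re.compile(r"^([!=$]?)\s*(/\S*)\s*(\S*)$")
# Assumption: "!" and "=" both stop rules further down the tree from taking
# effect, which is how "prefixes cannot be overridden" is read here.
PRUNING = {"!", "="}


def parse_rules(text):
    """Return [(lineno, prefix, path, switches)] for every rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = RULE_RE.match(raw.strip())
        if m:  # settings (root=, known=, current=) and comments do not match
            rules.append((lineno,) + m.groups())
    return rules


def ancestors(path):
    """Yield each parent directory of an absolute path, nearest first."""
    while path not in ("/", ""):
        path = posixpath.dirname(path)
        yield path


def lint(text):
    """Return findings as (lineno, kind, path, related_lineno) tuples."""
    findings = []
    pruned = {}  # path -> line number of the "!" or "=" rule naming it
    live = []
    for lineno, prefix, path, _switches in parse_rules(text):
        if len(path) > 1 and path.endswith("/"):
            # Compared literally, "/proc/" never equals "/proc": dead rule.
            findings.append((lineno, "trailing-slash", path, None))
            continue
        live.append((lineno, path))
        if prefix in PRUNING:
            pruned.setdefault(path, lineno)
    # Assumption: rule order is irrelevant, only the path hierarchy counts.
    for lineno, path in live:
        for parent in ancestors(path):
            if parent in pruned:
                findings.append((lineno, "shadowed", path, pruned[parent]))
                break
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind, path, by in lint(SAMPLE_CONF):
        note = f" (under the rule on line {by})" if by else ""
        print(f"line {lineno}: {kind}: {path}{note}")
```

A "trailing-slash" finding on an exclusion such as "!/proc/" means the directory is still being walked; a "shadowed" finding means the rule can be deleted or its parent rule needs rethinking.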
From: Ed L C. <ec...@te...> - 2001-08-30 00:07:56
|
matt <ma...@ci...> writes:

> Hello again list,
>
> I have finally got integrit to do what I want. Can anyone tell me a
> better way to check all files below /bin and /etc inclusive?
>
> --start-config--
> root=/
> current=/root/integrit/current.db
> known=/root/integrit/known.db
>
> /bin
> ! /boot
> ! /dev
> /etc
> ! /home
> ! /install
> ! /lib
> ! /lost+found
> ! /mnt
> ! /proc
> ! /root
> ! /sbin
> ! /tmp
> ! /usr
> ! /var
> --end-config--

Looks good to me. (As long as that known database is not writable from
the localhost.)

Another option is to use two different configuration files:

  # integrit-bin.conf
  root=/bin

... and another file:

  # integrit-etc.conf
  root=/etc

Then you can launch integrit twice, either sequentially or in parallel,
depending on your setup. e.g., If /bin and /etc are on different
devices, this could be a win because total execution time is less.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-08-30 00:02:39
|
<lie...@pa...> writes:

> An example:
>
> root=/web/content/www
> known=/opt/integrit/db/www.cdb
> current=/opt/integrit/db/www..cdb.new
> /web/content/www/admin/.db AMC
> !/web/content/www/private
> !/web/content/www/mail
>
> Franky

Thanks, Franky. Matt, for sample conf files, you can also see the
"examples" directory in the integrit source distribution. It has a
root.conf file that is an example integrit configuration file that uses
/ as the root.

> On Wed, 29 Aug 2001, matt wrote:
...
> > Doesn't check anything. I thought that you could override previous
> > rules, but it appears not.

Rules have different parts. You're right that you can override
switches, but you can't override prefixes. See the new texinfo HTML
help on the web:

  http://integrit.sourceforge.net/texinfo/integrit.html#Configuration%20File

Here's a relevant excerpt:

  You can always override switches that are inherited from parent
  directories. There is also a special dollar-sign prefix (described
  above) you can use to override the normal cascading behavior. e.g.,
  In the example below, all the stuff under /var/log won't have
  checksums done, except all the files under /var/log/archives:

    /var/log S
    /var/log/archive s

  Again, the upper case turns the check off, and the lower case turns
  it back on.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: matt <ma...@ci...> - 2001-08-29 10:36:07
|
Hello again list,
I have finally got integrit to do what I want. Can anyone tell me a
better way to check all files below /bin and /etc inclusive?
--start-config--
root=/
current=/root/integrit/current.db
known=/root/integrit/known.db
/bin
! /boot
! /dev
/etc
! /home
! /install
! /lib
! /lost+found
! /mnt
! /proc
! /root
! /sbin
! /tmp
! /usr
! /var
--end-config--
Thanks,
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
=~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
|
|
From: <lie...@pa...> - 2001-08-29 09:21:00
|
An example:
root=/web/content/www
known=/opt/integrit/db/www.cdb
current=/opt/integrit/db/www..cdb.new
/web/content/www/admin/.db AMC
!/web/content/www/private
!/web/content/www/mail
Franky
On Wed, 29 Aug 2001, matt wrote:
> Hello list,
>
> I was wondering if someone could help me out by sending me a config
> that only monitors certain parts of the filesystem.
>
> I still can't stop integrit from checking all files, unless I say
> something like
>
> ! /
>
> or
>
> = /
>
> And then even with other checksets, it ignores everything underneath
> it, so
>
> ! /
> /etc sipugz
>
> Doesn't check anything. I thought that you could override previous
> rules, but it appears not.
>
> Thanks again,
>
> Matt
>
> --
> #!/usr/bin/perl
> $A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
> =~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
>
>
> _______________________________________________
> Integrit-users mailing list
> Int...@li...
> http://lists.sourceforge.net/lists/listinfo/integrit-users
>
|
|
From: matt <ma...@ci...> - 2001-08-29 09:10:28
|
Hello list,
I was wondering if someone could help me out by sending me a config
that only monitors certain parts of the filesystem.
I still can't stop integrit from checking all files, unless I say
something like
! /
or
= /
And then even with other checksets, it ignores everything underneath
it, so
! /
/etc sipugz
Doesn't check anything. I thought that you could override previous
rules, but it appears not.
Thanks again,
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
=~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
|
|
From: matt <ma...@ci...> - 2001-08-28 19:43:29
|
On Tue, 28 Aug 2001, Franky Van Liedekerke wrote:
> You really don't want the mailspool to be checked
Sorry, I obviously didn't make the question clear enough.
With no checksets, is the default behaviour to check everything
on the filesystem specified by root? That is what is happening to me.
That wasn't the behaviour I experienced with tripwire or aide.
As before:
> I got loads of stuff that had changed in the mail spool, the ttys
> etc. Am I doing something stupid or do I really have to say:
>
> ! /
>
> and then put the stuff that I want in?
Thanks,
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
=~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
|
|
From: Franky V. L. <lie...@pa...> - 2001-08-28 18:30:10
|
You really don't want the mailspool to be checked, because mail comes and goes all the time, the same for tty's. So you probably only want to specify mountpoints other than /proc and /
Integrit (and all the others alike) only work for directories/files that don't change when you don't want them to.
Franky
On Tue, 28 Aug 2001 18:32:47 +0100 (BST)
matt <ma...@ci...> wrote:
> Hi list,
>
> I'm a brand new user to integrit, and I think I'm doing something a
> _little_ bit stupid.
>
> I wrote a test config:
>
> --start-config--
> #some needed stuff
> root=/
> current=/root/integrit/current.db
> known=/root/integrit/known.db
>
> #then the rules
> /etc sipugz
> ! /etc/ssh_random_seed
> ! /proc
> --end-config--
>
> Then did a
>
> $ integrit -C conf -c
>
> and was surprised when the database was 8MB. Then when I checked the
> system with:
>
> $ cp current.db known.db
> $ integrit -C conf -c
>
> I got loads of stuff that had changed in the mail spool, the ttys etc
> etc. Am I doing something stupid or do I really have to say:
>
> ! /
>
> and then put the stuff that I want in?
>
> Thanks,
>
> Matt
>
> --
> #!/usr/bin/perl
> $A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
> =~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
>
>
> _______________________________________________
> Integrit-users mailing list
> Int...@li...
> http://lists.sourceforge.net/lists/listinfo/integrit-users
>
|
|
From: matt <ma...@ci...> - 2001-08-28 17:32:56
|
Hi list,
I'm a brand new user to integrit, and I think I'm doing something a
_little_ bit stupid.
I wrote a test config:
--start-config--
#some needed stuff
root=/
current=/root/integrit/current.db
known=/root/integrit/known.db
#then the rules
/etc sipugz
! /etc/ssh_random_seed
! /proc
--end-config--
Then did a
$ integrit -C conf -c
and was surprised when the database was 8MB. Then when I checked the
system with:
$ cp current.db known.db
$ integrit -C conf -c
I got loads of stuff that had changed in the mail spool, the ttys etc
etc. Am I doing something stupid or do I really have to say:
! /
and then put the stuff that I want in?
Thanks,
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
=~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
|
|
From: Ed L C. <ec...@te...> - 2001-08-24 23:04:53
|
(Cc'ed to integrit-users mailing list. See
http://sourceforge.net/mail/?group_id=15369 for info and how to
subscribe.)

David Alban <da...@re...> writes:

> Ed,
>
> I'm evaluating the possible large scale use of integrit for a client.
>
> When I run integrit in check mode, I get a message that says
> something similar to[1]:
>
> not running in update mode: will not detect deleted files

From main.c:

  if (opts.do_check) {
    if (opts.do_update)
      check_for_missing(&opts); /* only do this after new current cdb
                                 * is closed (i.e. cdb_make is done) */
    else if (opts.verbose > 0)
      fputs(PROGNAME ": not doing update, so no check for missing files\n",
            stderr);
    close_known_cdb(&opts);
  }

> But then in update mode, it doesn't detect the deleted files.
>
> How does one detect deleted files with integrit?

See the logic above: if you've opted to do a check *and* an update,
you'll see missing files. That's the only time you'll see them because
that's the only time that integrit is checking the current filesystem
(update) and also simultaneously has access to the old state (check).
You need to have both to know whether a file is missing or not.

I should mention that in the documentation if it isn't there already.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-08-24 12:21:28
|
(Copied to integrit-users mailing list. See URL for subscription and
list information: http://sourceforge.net/mail/?group_id=15369)

"Main Dude" <wol...@ho...> writes:

> I'm running Integrit 2.02 on a Linux and I'm not sure where the
> human readable output can be found

When integrit runs without the "-x" flag, the human-readable output is
on the standard output.

In short, integrit's regular output is always on the standard output,
whether you're doing XML or human readable output. Error messages and
warnings are produced on the standard error. For more information about
standard output and standard error, see an intro to UNIX tutorial or
text.

So the human readable output can be found by simply running integrit.
If you run it yourself, the output will be visible on your screen, or
you can pipe the output to another program, like "less" the pager, or
sendmail, the mail transport agent.

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|
|
From: Ed L C. <ec...@te...> - 2001-07-31 04:33:48
|
Hi. The biggest change in the new version is texinfo documentation.
Since it's easy to create HTML and PostScript docs from texinfo
sources, there are new docs on the web:

  http://integrit.sourceforge.net/texinfo/integrit.html
  http://integrit.sourceforge.net/texinfo/integrit.ps

... and you'll be able to view the improved docs via the "info" command
when you're at a shell prompt.

A faq will make a nice chapter for the texinfo docs. Hopefully that
will be ready for the next stable release.

I also made the file tree walker more flexible so that it could support
skipping directories when opendir failed, but I decided against making
integrit continue when opendir fails. Tell me if you want to know why,
because I'm going to bed now. ;)

--
--Ed Cashin PGP public key:
ec...@te... http://www.terry.uga.edu/~ecashin/pgp/
|