Re: [Integrit-users] comparing known and current database on a different system
Brought to you by:
ecashin
Menu
▾
▴
Re: [Integrit-users] comparing known and current database on a different system
|
From: Ed L C. <ec...@ug...> - 2003-01-04 01:26:36
|
"Dan Beldiman" <lis...@be...> writes: > Hi, > > I'm pretty new to integrit, and what i've seen so far is really > nice! Thanks much. I've been out of town, so I'm sorry I didn't reply right away. > I wonder if I can compare the known and the current database on a > different system then the one where they where created. My idea is > to create the database on an endangered machine, then copy it to a > save place, and compare it there with a database which I think > should be fine. The server which I want to check using integrit is > at a webhoster, and i don't have the posibility to mount some other > filesystem using nfs-readonly as suggested in the documentation. Right now integrit uses a system-dependent way of representing information about files. Specifically, the stat struct containing the information returned by the stat system call is simply written out into the database. That means that a database won't work on one machine if the stat struct has a different format than the machine where the database was created. I'm hoping to work on a cross-platform (and maybe smaller) format for the database stat info very soon. If the stat structs are not compatable, one thing you might be able to do in the mean time is to use the auxiliary utilities along with UNIX tools. Say the database is generated on a host named "gen" and you want to compare the databases on a host named "cmp". You could do something like this: dan@gen databases$ i-viewdb current.cdb | ssh cmp 'gzip > current.txt.gz' ... and then ... dan@cmp dan$ zdiff -u known.txt.gz current.txt.gz | less With a ruby or perl script you could automate it more. -- --Ed L Cashin | PGP public key: ec...@ug... | http://noserose.net/e/pgp/ |
