On Friday 11 January 2008 06:44, Jeremy Sanders wrote: > Jordi Prats wrote: > > You could use tripwire to check periodically all files instead of relay > > on the file system for that task. (I think no file system does this > > checking by now) > > That's a possible idea. > > I would have thought it would be relatively simple to write a block device > which acted a layer between the file system and real block device. I > suppose the difficultly is getting all the corner cases correct. I've never > written any kernel code, so maybe I should investigate doing that for > fun... All files in the system are already hashed. You can see this by doing an "rpm -Va". For example.. to create a baseline of a system to compare against, just cron a script to: rpm -Va > /root/RPMV/system-rpm-baseline.txt then once/day or whatever, do a diff... or just grep for any "bin" directory changes and diff that. I like this better than messing with tripwire. It's already there, native, and easy to use. Tweeks Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace Managed Hosting. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at abuse@xxxxxxxxxxxxx, and delete the original message. Your cooperation is appreciated. _______________________________________________ Ext3-users mailing list Ext3-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/ext3-users
