Checksumming layer
tweeks
tweeks at rackspace.com
Fri Jan 11 19:55:46 UTC 2008
On Friday 11 January 2008 06:44, Jeremy Sanders wrote:
> Jordi Prats wrote:
> > You could use tripwire to check periodically all files instead of relay
> > on the file system for that task. (I think no file system does this
> > checking by now)
>
> That's a possible idea.
>
> I would have thought it would be relatively simple to write a block device
> which acted a layer between the file system and real block device. I
> suppose the difficultly is getting all the corner cases correct. I've never
> written any kernel code, so maybe I should investigate doing that for
> fun...
All files in the system are already hashed. You can see this by doing
an "rpm -Va". For example.. to create a baseline of a system to compare
against, just cron a script to:
rpm -Va > /root/RPMV/system-rpm-baseline.txt
then once/day or whatever, do a diff... or just grep for any "bin" directory
changes and diff that. I like this better than messing with tripwire. It's
already there, native, and easy to use.
Tweeks
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace
Managed Hosting. Any dissemination, distribution or copying of the enclosed
material is prohibited. If you receive this transmission in error, please
notify us immediately by e-mail at abuse at rackspace.com, and delete the
original message. Your cooperation is appreciated.
More information about the Ext3-users
mailing list