Hi. Is there any reliable way to verify checksums of all local files for some FreeBSD installation? E.g. I'm using a hoster which provides pre-deployed FreeBSD instances, how can I be sure there are no patches\changes in a kernel\services etc? Does FreeBSD provide any automated tools for this kind of verification? Thanks.
Assuming you trust it to not be modified, and you point it at a legitimate mirror, freebsd-update IDS should be able to tell you if anything's amiss.

See: https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html
Section: 23.2.4. System State Comparison
On 2/23/2016 10:17 PM, Robert Ayrapetyan wrote:
> Hi. Is there any reliable way to verify checksums of all local files
> for some FreeBSD installation? E.g. I'm using a hoster which provides
> pre-deployed FreeBSD instances, how can I be sure there are no
> patches\changes in a kernel\services etc? Does FreeBSD provide any
> automated tools for this kind of verification? Thanks.

You can try freebsd-update with the IDS option. Have a look at the man page for details.

-Matthew
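A way to triage the output of the `freebsd-update IDS` run suggested in the replies above; this is an added example, not code from the thread or from FreeBSD. It assumes hash mismatches are reported as `<path> has SHA256 hash <actual>, but should have SHA256 hash <expected>.`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Triage saved `freebsd-update IDS` output (added example).
# Assumed line form for a hash mismatch:
#   <path> has SHA256 hash <actual>, but should have SHA256 hash <expected>.
# Any other line starting with a path (owner, mode, type) is classed "other".
# Paths containing whitespace are not handled.

# ids_triage FILE -> one "<class><TAB><path>" line per finding
#   config : hash mismatch under /etc/, usually a local edit; review by hand
#   binary : hash mismatch elsewhere (kernel, libraries, base utilities)
#   other  : non-hash mismatch
ids_triage() {
    awk '
        $1 !~ /^\// { next }                 # skip banner/progress lines
        / has SHA256 hash / {
            class = ($1 ~ /^\/etc\//) ? "config" : "binary"
            printf "%s\t%s\n", class, $1
            next
        }
        { printf "other\t%s\n", $1 }
    ' "$1"
}

# ids_count FILE CLASS -> number of findings of that class
ids_count() {
    ids_triage "$1" | awk -F '\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed sample input; hashes are shortened placeholders, not real values.
ids_sample() {
    cat <<'EOF'
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
/boot/kernel/kernel has SHA256 hash aaaa1111, but should have SHA256 hash bbbb2222.
/etc/master.passwd has SHA256 hash cccc3333, but should have SHA256 hash dddd4444.
/usr/bin/su is owned by user id 1001, but should be owned by user id 0.
/usr/sbin/sshd has SHA256 hash eeee5555, but should have SHA256 hash ffff6666.
EOF
}

# Stand-alone use: sh triage.sh ids.out
if [ $# -gt 0 ]; then
    ids_triage "$1"
fi
```

Save the report with `freebsd-update IDS > ids.out` and pass that file as the argument; the `binary` and `other` findings are the ones to investigate first.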
> Hi. Is there any reliable way to verify checksums of all local files for some
> FreeBSD installation? E.g. I'm using a hoster which provides pre-deployed
> FreeBSD instances, how can I be sure there are no patches\changes in a
> kernel\services etc?

At the filesystem-level there's security/integrit which we use with a wrapper script for readable reports. Integrit replaced tripwire when that company moved away from FOSS.

From the configuration-level there's 'pkg info', 'sysrc -a', 'ipfw sh',... and of course the parsed output from /var/log/* to add real-time monitoring.

I also recommend supplementing these tools with revision tracking for anything host-specific and non-binary such as /etc/periodic/*/* and /etc/rc.*. RCS works well for this on the localhost-level. On a large scale ansible is my tool of choice for pulling this information from any number of hosts into hg or git from which deltas and other reports can be easily generated.

If you manage a large number of hosts and are interested in helping to pull all of these tools into a pkg/port let me know.

Roger
> On 24 Feb 2016, at 05:17, Robert Ayrapetyan <robert.ayrapetyan at gmail.com> wrote:
>
> Hi. Is there any reliable way to verify checksums of all local files for some FreeBSD installation? E.g. I'm using a hoster which provides pre-deployed FreeBSD instances, how can I be sure there are no patches\changes in a kernel\services etc? Does FreeBSD provide any automated tools for this kind of verification?

Just a quick note; if you suspect malicious intent from a competent attacker (your provider in this case), running an IDS-type check won't do. It's possible to use a kernel-module that omits itself when you're looking at the file system after boot for example, so it'd be invisible or look normal when checking the filesystem.

Since you say "instance", I'm thinking probably VPS, in which case there needs to be a level of trust in the provider anyway, and this probably doesn't apply to you. Just wanted to mention it quickly as an apropos.

Terje