[ale] Diff the whole file system?

Ed Cashin ecashin at noserose.net
Fri Mar 23 10:05:18 EDT 2012


I wrote something a lot more simple than tripwire.  tripwire was fine
but took forever to fully understand and didn't seem convenient
enough.  My integrit software was designed to be "done", not active,
so it hasn't been updated in a long time, but it ought to work.

  http://sourceforge.net/projects/integrit/

But anyway that will just tell you what has changed, not how, as diff
would for text files.

To get a diff, you could use rsync to make a remote backup like this
at leisure beforehand (untested):

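  set -xe
  # Trailing slashes make rsync copy the contents of $d into A$d;
  # without them /var would land in /backups/A/var/var.
  for d in / /var; do
    nice -n 20 rsync -axc "${d%/}/" fruity:/backups/A"${d%/}/"
  done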

... then later on host "fruity", create hard links (a fast operation
taking up very little extra space),

  cp -al /backups/A /backups/B

... then after the changes have been made on the host you're worried
about, rsync again but do it to "B", not "A", transmitting only things
that have changed.  That way on fruity, you can do,

  cd /backups
  diff -urN A B

On Fri, Mar 23, 2012 at 9:25 AM, Brian Stanaland <brian at stanaland.org> wrote:
> Have you checked out Tripwire? It's typically used to check config files for
> changes so I don't know how well it'd handle the whole file system but it's
> worth a look.
>
> Brian S.
>
>
>
> On Friday, March 23, 2012, James Sumners <james.sumners at gmail.com> wrote:
>> I have a situation where I'm being forced to allow a remote installer
>> to have root level sudo access to install their company's product
>> (don't like it, but it's out of my hands). Technically, I have the
>> system set up such that they should not need such access, but I can't
>> change the monkey's script. Anyway, I'd like to be able to sort of
>> "snapshot" my file system before I let them in so that I can go back
>> and look at a before and after difference. Do any of you know of such
>> a tool? Could this be done with rsync?
>>
>> I've read that LVM supports snapshots at the block level. Seeing as
>> they are block level snapshots I don't see how that will help me
>> figure out what the installer changed. I'd be able to revert the
>> changes, but not study them.
>>
>> --
>> James Sumners
>> http://james.roomfullofmirrors.com/
>>
>> "All governments suffer a recurring problem: Power attracts
>> pathological personalities. It is not that power corrupts but that it
>> is magnetic to the corruptible. Such people have a tendency to become
>> drunk on violence, a condition to which they are quickly addicted."
>>
>> Missionaria Protectiva, Text QIV (decto)
>> CH:D 59
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
> --
> The more laws and order are made prominent,
> The more thieves and robbers there will be. Lao-tzu, The Way of Lao-tzu
> Chinese philosopher (604 BC - 531 BC)
>



-- 
  Ed Cashin <ecashin at noserose.net>
  http://noserose.net/e/
  http://www.coraid.com/
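
The before/after comparison discussed in this thread, as an added example that is not part of the original messages: `diff -urN A B` shows content changes but not mode or ownership, and because files hard-linked by `cp -al` share one inode, a chmod or chown applied to a file through B also appears in A. This script records path, mode, owner and SHA-256 in a manifest file before and after, then compares the two; the function names, the sample tree and the use of GNU `find`, `stat` and `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find, stat and sha256sum,
# and path names without tabs or newlines.

# manifest DIR: one sorted line per entry, "path<TAB>mode uid:gid digest".
manifest() {
  ( cd "$1" || exit 1
    find . -exec sh -c '
      for p do
        meta=$(stat -c "%a %u:%g" "$p")   # octal mode, setuid/setgid bits included
        if [ -L "$p" ]; then sum="link:$(readlink "$p")"
        elif [ -f "$p" ]; then sum=$(sha256sum < "$p"); sum=${sum%% *}
        else sum=-                        # directory, device, fifo or socket
        fi
        printf "%s\t%s %s\n" "$p" "$meta" "$sum"
      done' sh {} + | LC_ALL=C sort )
}

# manifest_diff BEFORE AFTER: compare two manifest files.
manifest_diff() {
  awk -F '\t' '
    NR == FNR { before[$1] = $2; next }
    !($1 in before) { print "ADDED " $1; next }
    { if (before[$1] != $2) print "CHANGED " $1 " [" before[$1] "] -> [" $2 "]"
      delete before[$1] }
    END { for (p in before) print "REMOVED " p }
  ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample tree, changed the way an installer might change it.
demo() {
  t=$(mktemp -d) || return 1
  mkdir -p "$t/root/etc" "$t/root/bin"
  echo 'port=8080' > "$t/root/etc/app.conf"
  echo tool > "$t/root/bin/tool"; chmod 755 "$t/root/bin/tool"
  echo hello > "$t/root/etc/motd"
  manifest "$t/root" > "$t/before"
  echo 'port=9090' > "$t/root/etc/app.conf"               # content change
  chmod 4755 "$t/root/bin/tool"                           # mode-only change
  rm "$t/root/etc/motd"; echo x > "$t/root/etc/new.conf"  # removal, addition
  manifest "$t/root" > "$t/after"
  manifest_diff "$t/before" "$t/after"
  rm -rf "$t"
}

demo
```

Keep the "before" manifest on another host (fruity in this thread), since anyone with root on the machine can rewrite a manifest stored locally.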


