You want to snapshot and check your files but you can’t use Tripwire. You have lots of disk space on a remote machine.
Use rsync to copy your important files to the remote machine. Use rsync again to compare the copies on the two machines.
Let trippy and trusty be your two machines as before. You want to ensure the integrity of the files on trippy.
On trippy, store the rsync binary on a CD-ROM mounted at /mnt/cdrom.
On trusty, copy the files from trippy:
trusty# rsync -a -v --rsync-path=/mnt/cdrom/rsync --rsh=/usr/bin/ssh \ trippy:/ /data/trippy-backupCheck integrity from trusty:
trusty# rsync -a -v -n --rsync-path=/mnt/cdrom/rsync --rsh=/usr/bin/ssh \ trippy:/ /data/trippy-backup
The first rsync actually performs copying, while the second merely reports differences, thanks to the -n option. If there are no differences, the output will look something like this:
receiving file list ... done wrote 16 bytes read 7478 bytes 4996.00 bytes/sec total size is 3469510 speedup is 462.97
but if any files differ, their names will appear after the “receiving file list” message:
receiving file list ... done /bin/ls /usr/sbin/sshd wrote 24 bytes read 7486 bytes 5006.67 bytes/sec total size is 3469510 speedup is 461.99
Any listed files—in this case /bin/ls and /usr/sbin/sshd—should be treated as suspicious.
This method has important limitations, most notably that it does not check inode numbers or device numbers. A real integrity checker is better.
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
