to learn a bit about vocabulary. IIRC Dru Lavigne in 100 BSD hacks has described use of mtree to build a primitive HIDS. Building a real HIDS would require some serious knowledge of machine learning (anomaly detection).
My personal favorite to check for rootkits is security/rkhunter, fully integrated with FreeBSD and supports a large variety of rootkit checksums.
When it comes to checking for changed files (note that rkhunter can also do that to a certain degree) then you'd want an IDS (Intrusion Detection System). There are plenty; as Oko mentioned, there's even mtree, which is provided in the base system. However, I've become a big fan of security/tripwire, a full-blown IDS which can check for just about everything. I've posted a tutorial on setting up & using Tripwire, maybe it can give you some impressions. You can find that tutorial here.
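Both posts above point at mtree as the base-system way to notice changed files. The script below is an added example, not code from the thread or from FreeBSD: it reproduces the baseline-then-verify flow of `mtree -c -K sha256digest -p DIR > spec` (create) and `mtree -f spec -p DIR` (check) with plain POSIX tools, so the idea can be followed on any system. The function names `baseline` and `verify` are my own; the files hashed in the usage are constructed test data.

```shell
#!/bin/sh
# Added example: a primitive file-integrity check in the spirit of an
# mtree-based HIDS. Record a hash for every regular file under a directory,
# then later report files that were added, modified or removed.
# Limitation: paths containing whitespace or newlines are not handled
# (mtree encodes them properly; this script is for illustration).

# Pick a SHA-256 command: FreeBSD ships sha256(1), Linux ships sha256sum(1).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# baseline DIR: print "hash ./relative/path" for each regular file, sorted by path.
# Store the output somewhere outside DIR (ideally read-only or offline media).
baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort ) | while IFS= read -r f; do
        printf '%s %s\n' "$(hash_file "$1/$f")" "$f"
    done
}

# verify SPEC DIR: rebuild the baseline for DIR and diff it against SPEC.
# Prints one line per difference ("added", "modified", "removed" + path)
# and returns 0 only when the tree matches the saved baseline.
verify() {
    spec=$1
    dir=$2
    report=$(baseline "$dir" | awk -v spec="$spec" '
        FILENAME == spec { old[$2] = $1; next }        # saved baseline
        {                                               # current state (stdin)
            seen[$2] = 1
            if (!($2 in old))        print "added", $2
            else if (old[$2] != $1)  print "modified", $2
        }
        END { for (p in old) if (!(p in seen)) print "removed", p }
    ' "$spec" - | LC_ALL=C sort)
    [ -n "$report" ] && printf '%s\n' "$report"
    [ -z "$report" ]
}

# Command-line use: ./fim.sh baseline DIR > spec ; ./fim.sh verify spec DIR
case "${1-}" in
    baseline) baseline "$2" ;;
    verify)   verify "$2" "$3" ;;
esac
```

Run `baseline /etc > /var/db/etc.spec` once from a known-good state, then `verify /var/db/etc.spec /etc` from cron; a non-zero exit with a non-empty report is the alert. As with mtree, the baseline is only as trustworthy as the place it is stored, so keep it where an intruder who owns the checked tree cannot also rewrite it.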