Urgent help needed: Licensing snafu following server crash

Bill Campbell bill at celestial.com
Fri Sep 21 22:01:56 PDT 2007 

On Sat, Sep 22, 2007, Fairlight wrote:
>Only Bill Campbell would say something like:
>> We build all systems with a partition identical in size to the
>> root partition, mounted on ``/backroot'' (but not automounted),
>> onto which we make a complete copy of the root file system with
>> only the /etc/fstab file modified so that the partitions for the
>> root and /backroot are reversed (/etc/default/filesys on OpenServer).
>> The boot menu allows one to boot into this partition as needed.
>
>I like this idea, Bill.  Thanks for sharing that!
>
>> Before doing any on-line update, we rsync the ``/'' partition to
>> `/backroot'', and test the boot just to be on the safe side.
>> This gives us a fall-back position if the update hoses the
>> system, and also may be useful if a machine is cracked.
>
>That's sweet.  You'd just need a differential list of files
>added/removed/modified and you can track exactly what was done in a crack,
>if you track the normal activity finely enough, of course.  I love it when
>one can basically make the machine tell you what was done to it.  I always
>like to see more ways of doing that. 

I've written a python script that tracks essential information on critical
files and directories, based loosely on tripwire (it uses tripwire's
configuration files).  It keeps track of any changes to critical files,
lists new files in specified directories (e.g., /bin, /sbin, /etc,
/usr/bin, /usr/sbin, ...), and files that have gone missing.  This has been
invaluable in detecting cracked systems, and has made it possible to
restore them without installing from scratch.

>Elegant!  And sound advice.  Again, sweet!
>
>This one's getting saved.  Very worth it.

I'm glad you like it :-).

Bill
--
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

When you have an efficient government, you have a dictatorship.
                -- Harry Truman

More information about the Filepro-list mailing list