Comparison with existing systems:
Stamp is similar to Tripwire and S3.
Stamp is distinguished in that it:
- Uses md5 only for checksums
- Handles file content, owner, group, extended permissions and symlink targets
- Is freely redistributable
- Is written in Python
- Is intended for use on all files within a machine's "system partitions"
- Is typically run on a system right after installation
- Detects files that have been removed, but not files that have been added
Components of stamp, and what they do:
- stamp: Memorizes what a machine's "system" filesystems look like.
- check-stamp: Generates a new stamp, and compares it with /var/adm/stamp.gz
- S99stamp: Invoked from /etc/rc3.d (or similar), this creates a stamp (/var/adm/stamp.gz) the first time a machine is rebooted, and tries again on each later reboot until a stamp has been generated successfully.
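The stamp/check-stamp cycle described above, sketched as an added example; this is not stamp's own code. The function names and the gzip'd JSON baseline format are assumptions made for illustration.

```python
import gzip, hashlib, json, os, stat

def make_stamp(root):
    """Record md5, owner, group, mode and symlink target for every entry under root."""
    stamp = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat describes the link itself, never its target
            entry = {"uid": st.st_uid, "gid": st.st_gid,
                     "mode": stat.S_IMODE(st.st_mode)}
            if stat.S_ISLNK(st.st_mode):
                entry["target"] = os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.md5()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        h.update(chunk)
                entry["md5"] = h.hexdigest()
            stamp[os.path.relpath(path, root)] = entry
    return stamp

def save_stamp(stamp, out):
    # Assumed on-disk format: gzip-compressed JSON (the real stamp.gz layout may differ)
    with gzip.open(out, "wt") as f:
        json.dump(stamp, f, sort_keys=True)

def load_stamp(src):
    with gzip.open(src, "rt") as f:
        return json.load(f)

def check_stamp(baseline, current):
    """Report removed and changed entries; entries only in `current` are ignored,
    matching the 'removed but not added' behaviour listed above."""
    removed, changed = [], []
    for path, old in sorted(baseline.items()):
        new = current.get(path)
        if new is None:
            removed.append(path)
        elif new != old:
            fields = sorted(k for k in set(old) | set(new)
                            if old.get(k) != new.get(k))
            changed.append((path, fields))
    return removed, changed
```

Because the comparison walks only the baseline's entries, a file dropped into the tree after the stamp was taken never shows up in the report.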
Why?
Obviously, stamp can be used for security purposes, though in that case you probably don't want to leave the information lying around in /var/adm/stamp.gz, where anyone able to modify system files could modify the stamp as well.
We use stamp primarily to facilitate upgrades. That is, our autoinstall system automatically configures machines to run stamp right after an install, and then, prior to an upgrade, we run check-stamp to see what has changed on the system since it was last installed. In practice, this takes a lot of guesswork out of reinstalling machines that are normally administered by other individuals.
Installation:
- Make sure you have gzip and gunzip somewhere.
- Grab stamp.shar.
- Grab daemon, compile it and install it. It's an easy build. (This was needed for proper operation of S99stamp on OSF/1, but you can probably get away without it on most Unix variants.)
- Grab the Python distribution and build it, if you haven't already. This language is so much more reasonable than Perl... Python is also an easy (autoconf'd) build.
- Extract the files in stamp.shar, and copy stamp and check-stamp to reasonable places (/usr/local/bin for most sites).
- grep for "dcs" and change any pathnames containing this string to those that are appropriate for your environment.
- Copy S99stamp into /etc/rc3.d (or /sbin/rc3.d on OSF/1), and reboot
(This HTML brought to you by the HTML-editing widget of the Andrew
Toolkit, on a Solaris 2.5 machine)