Christian Hopp <address@hidden> writes:
I agree with Thomas, it is less secure when checksum will depend on
ctime. I think that solution outlined above (with configuration swith)
will be useful to allow sysadmin choose check for every cycle (more
security) or performance instead, such as:
[set checksumAlways {true|false}]
If not specified, true should be default (i think).
What do you think about it?
A good point... I will take care of a "checksumAlways {true|false}"
option!
Maybe it could be an idea and check both ctime and mtime? I created
the following function before I planed to start the implementation:
new in monitor.h:
#define MAX(x,y) ((x) > (y) ? (x) : (y))
in util.c:
/**
* Get a files last modified timestamp. This function returns the max
* of either st_mtime or st_ctime. If the file does not exist or is
* not a regular file FALSE is returned
* @param file A file to stat
* @return last modification time or FALSE if not found or not a regular file
*/
long getchange_file(char *file) {
struct stat buf;
if(!stat(file, &buf))
if(S_ISREG(buf.st_mode))
return MAX(buf.st_mtime, buf.st_ctime);
return FALSE;
}