There is a sys/ dir in under src/ in sys/ there is a listing of possible architectures you can build a kernel for, inside the one you select there is a conf/ dir.
If you do a ‘ls’ in the conf/ dir you will see the possible pre-built kernel configs you can select from. In the MAC config you will see a few options to uncomment. Remove the # from infront of ‘options MAC_BIBA’.
options MAC options MAC_BIBA # BIBA data integrity policy
Once you are done that go back to /usr/src/ and you can start to make the kernel.
make buildkernel KERNCONF=MAC make installkernel KERNCONF=MAC
That’s the build completed but there is a few more steps to configuring biba on your system to come.]]>
To build your own MAC kernel or any FreeBSD kernel you will need to get the source tree, you can do this by using cvsup and a config file.
Mine is called supfile, and it looks like this.
*default tag=RELENG_7_2_0_RELEASE *default host=cvsup3.jp.FreeBSD.org *default prefix=/usr *default base=/var/db *default release=cvs delete use-rel-suffix compress src-all
You will have to change the release as needed and you may want to pick another host. Once you have the file install cvsup.
pkg_add -rv cvsup-without-gui
Or you can use the ports tree if you want to, its under /usr/ports/devel/
Now run cvsup to download the tree.
I tired a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows based system had been tried.
This will be an excellent tool to verify the integrity of files on systems, more then once I have been in a situation where I needed to validate the integrity of a file with out a know good sample available.
If the status of a machine is in question I would not even collect the has off the system while it is running, booting into a liveCD like Knoppix ( http://www.knoppix.org/ ) or my favorite FreeBSD ( http://www.freebsd.org/where.html ) is the best way to ensure the integrity of the hash.
On freebsd you can use the md5 or sha1 command.
> md5 /lib/libc.so.7
MD5 (/lib/libc.so.7) = e16f4e5c137bd7f445b32733f45ac268