Hosting Provided By

default tripwire policy

From: Felipe Figueiredo <philsf79(at)gmail.com>
Date: Tue Feb 12 2008 - 04:22:58 EST

Hello,

I'm preparing two sarge installations for the upgrade to etch and was faced with the same issue I had in sarge: tripwire is overzealous about /var/log daily rotations and /proc processes.

Question1: if these files are daily changing in a standard installation, why is it that the default tripwire does not reflect it?

Question2: What I did, in sarge was to prevent tripwire from parsing the contents of these two directories (!/proc; and !/varlog; in the policy file), but then I believe this defeats at least part of the purpose. OTOH, it's useless to get daily reports of logrotate activity, and /proc contents changes. Is there a middle term?

regards
FF

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Feb 12 04:40:05 2008

This message: [ Message body ]
Next message: Nicolas Boullis: "[DSA 1494-1] Missing update for user-mode-linux (was: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation)"
Previous message: Felipe Figueiredo: "default tripwire policy"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:43 EDT