
FHS + Debian Tripwire policy file



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am in the process of designing a Tripwire 2.3 policy file that is based
on the FHS plus annexes for GNU/Linux and Debian's distribution of it.  I
don't like the current policy file which is just a list of all of the
Debian "Important"-level package files - it complains too much about
missing files when one does not have a "standard" setup and it is really
too detailed (=> long to read) in the wrong places.  In addition, it does
not check some Debian-specific stuff like the contents of /var/lib/dpkg.

My goal is that the system will be sufficiently modular that one can just
patch in a few tiny distribution-specific changes and have a nice policy
for any FHS-compliant system.  I am trying to limit references to
individual files to the absolute minimum and instead address whole
directories at a time.  Hopefully, this will result in a shorter, yet more
thorough policy that never causes a complaint except when there has been a
real unauthorised change.

Eventually I also plan to write a script that will automatically check off
files that have been changed by dpkg and reported by Tripwire, perhaps
using md5sum info from the .debs.

Before I get too far, I would like to ask the question: is anyone
working on a similar project?  Perhaps for aide or another IDS?  I've done
some Google searches for "FHS and Tripwire", but except for a few off-hand
remarks, it seems that no one is working on this idea.


Erik Rossen                         ^    GPG key ID: 2935D0B9
rossen@freesurf.ch                 /e\   "Use GnuPG, see the
http://www.multimania.com/rossen   ---    black helicopters."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7gi+jY88aPik10LkRAiBEAKDVJJ28JRs9vU+d/LQKMyFru4dRCACdFcyR
muveSPk58ya0khe4tPpr6UI=
=Dx2o
-----END PGP SIGNATURE-----
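
The reconciliation step the message plans (checking off reported files that dpkg legitimately changed) could look like the following. This is an added example, not code from the poster or from Tripwire; it assumes the changed paths have already been extracted from the integrity report and that package checksums are in the `<md5>  <relative path>` form used by `md5sums` files in .debs, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg-style md5sums lines: '<md5>  <path relative to />'."""
    manifest = {}
    for line in text.splitlines():
        digest, sep, rel = line.partition("  ")
        if sep and len(digest) == 32:
            manifest["/" + rel.lstrip("/")] = digest.lower()
    return manifest


def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()


def reconcile(changed, manifest, root="/"):
    """Sort paths flagged by the integrity checker into three buckets."""
    result = {"explained": [], "unexplained": [], "unpackaged": []}
    for path in changed:
        expected = manifest.get(path)
        on_disk = os.path.join(root, path.lstrip("/"))
        if expected is None:
            result["unpackaged"].append(path)    # no package claims this file
        elif os.path.isfile(on_disk) and md5_of(on_disk) == expected:
            result["explained"].append(path)     # content matches the package
        else:
            result["unexplained"].append(path)   # missing or differs: review
    return result


def demo():
    """Constructed sample: a temp dir stands in for / so this runs anywhere."""
    files = {"/bin/ls": b"packaged ls", "/bin/ps": b"packaged ps"}
    md5sums = "".join(
        f"{hashlib.md5(data).hexdigest()}  {p.lstrip('/')}\n"
        for p, data in files.items())
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files["/bin/ps"] = b"tampered ps"            # no longer matches manifest
        files["/bin/.hidden"] = b"not in any package"
        for p, data in files.items():
            with open(os.path.join(root, p.lstrip("/")), "wb") as fh:
                fh.write(data)
        return reconcile(sorted(files), parse_md5sums(md5sums), root)
```

Only the "explained" bucket is safe to check off automatically, and only when the manifest was taken from .debs obtained from a trusted source rather than from the monitored host, where it could have been altered together with the files.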



