
Tripwire checks of "/var"



Hi

I wish to set up my Sarge tripwire policy file to monitor the files and
subdirectories under "/var". The default "twpol.txt" file (i.e. tripwire
version 2.3.1.2.0-2.2) seems to be a bit light with only four "/var"
entries, similar to these:

  /var       -> +tpug
  /var/run   -> $(Dynamic)
  /var/lock  -> $(Dynamic)
  /var/log   -> $(Dynamic)

Do you have any suggestions or examples of what type of checks should
typically be used for this dynamic part of the filesystem?

Do you know of any sites that contain Debian-specific examples?

Of particular interest is my "/var/lib", which currently contains these
subdirectories:

  apache2, dictionaries-common, horde2, logrotate,
  postgres, urandom, apt, discover, imp3, misc,
  setserial, usbutils, aptitude, dpkg, ipac, ntp,
  tripwire, dhcp, exim4, logcheck, php4, ucf

Regards,
Declan



