Tripwire checks of "/var"
Hi
I wish to set up my Sarge tripwire policy file to monitor the files and
subdirectories under "/var". The default "twpol.txt" file (i.e. tripwire
version 2.3.1.2.0-2.2) seems to be a bit light with only four "/var"
entries, similar to these:
/var -> +tpug
/var/run -> $(Dynamic)
/var/lock -> $(Dynamic)
/var/log -> $(Dynamic)
Do you have any suggestions or examples of what type of checks should
typically be used for this dynamic part of the filesystem?
Do you know of any sites that contain Debian-specific examples?
Of particular interest is my "/var/lib", which currently contains these
subdirectories:
apache2, dictionaries-common, horde2, logrotate,
postgres, urandom, apt, discover, imp3, misc,
setserial, usbutils, aptitude, dpkg, ipac, ntp,
tripwire, dhcp, exim4, logcheck, php4, ucf
Regards,
Declan