default tripwire policy
I'm preparing two sarge installations for the upgrade to etch and was faced
with the same issue I had in sarge: tripwire is overzealous about /var/log
daily rotations and /proc processes.
Question1: if these files are daily changing in a standard installation, why
is it that the default tripwire does not reflect it?
Question2: What I did, in sarge was to prevent tripwire from parsing the
contents of these two directories (!/proc; and !/varlog; in the policy file),
but then I believe this defeats at least part of the purpose. OTOH, it's
useless to get daily reports of logrotate activity, and /proc contents
changes. Is there a middle term?