[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

default tripwire policy


I'm preparing two sarge installations for the upgrade to etch and was faced 
with the same issue I had in sarge: tripwire is overzealous about /var/log 
daily rotations and /proc processes. 

Question1: if these files are daily changing in a standard installation, why 
is it that the default tripwire does not reflect it?

Question2: What I did, in sarge was to prevent tripwire from parsing the 
contents of these two directories (!/proc; and !/varlog; in the policy file), 
but then I believe this defeats at least part of the purpose. OTOH, it's 
useless to get daily reports of logrotate activity, and /proc contents 
changes. Is there a middle term?


Reply to: