default tripwire policy

To: debian-security@lists.debian.org
Subject: default tripwire policy
From: Felipe Figueiredo <philsf79@gmail.com>
Date: Tue, 12 Feb 2008 07:22:58 -0200
Message-id: <[🔎] 200802120722.59352.philsf79@gmail.com>

Hello,

I'm preparing two sarge installations for the upgrade to etch and was faced 
with the same issue I had in sarge: tripwire is overzealous about /var/log 
daily rotations and /proc processes. 

Question1: if these files are daily changing in a standard installation, why 
is it that the default tripwire does not reflect it?

Question2: What I did, in sarge was to prevent tripwire from parsing the 
contents of these two directories (!/proc; and !/varlog; in the policy file), 
but then I believe this defeats at least part of the purpose. OTOH, it's 
useless to get daily reports of logrotate activity, and /proc contents 
changes. Is there a middle term?

regards
FF

Reply to:

Prev by Date: default tripwire policy
Next by Date: [DSA 1494-1] Missing update for user-mode-linux (was: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation)
Previous by thread: default tripwire policy
Next by thread: [DSA 1494-1] Missing update for user-mode-linux (was: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation)
Index(es):
- Date
- Thread