Re: Tripwire

To: debian-user@lists.debian.org
Subject: Re: Tripwire
From: ghcbc@yahoo.com
Date: Fri, 10 Sep 2004 13:19:06 -0700
Message-id: <[🔎] 20040910131905.B588@humble>
Mail-followup-to: ghcbc@yahoo.com, debian-user@lists.debian.org
Reply-to: The Helpful Community at <debian-user@lists.debian.org>
In-reply-to: <[🔎] 200409101148.31920.d_baron@012.net.il>; from d_baron@012.net.il on Fri, Sep 10, 2004 at 11:48:31AM +0300
References: <[🔎] 200409101148.31920.d_baron@012.net.il>

On Fri, Sep 10, 2004 at 11:48:31AM +0300, David Baron wrote:
> Anyone using this on Debian? 
> 
> This is a file-system integrity checker, will detect hacks, intrusions, etc. I 
> tried it but seems to find lots of stuff that seem part of the dynamics of 
> the ongoing system operation, and attempts to change its "policy" are 
> crippled by all these items. Examples are things deleted from /proc/####/.... 
> numbered subfolders that seem to correspond to processes that start and end  
> on the system, permissions in  .../.kde subdirectories which I certainly did 
> not touch within the lifetime of this test, INODES also touching /proc/#### 
> stuff.

You can configure it to avoid directories or specific files that you don't
wnat monitored for changes.  See the docs for Tripwire for the details of
how to do so (it has been too long since I've used it for me to give any
hints without checking the docs myself).  As far as I remember, though, the
docs were pretty decent.

GC

Reply to:

References:
- Tripwire
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: Re: Jigdo Sarge templates outdated?
Next by Date: Re: Network Connection/Newbie My head is spinning@#$%&
Previous by thread: Re: Tripwire
Next by thread: Re: Tripwire
Index(es):
- Date
- Thread