Re: Tripwire
On Friday 10 September 2004 03:48, David Baron wrote:
> Anyone using this on Debian?
>
> This is a file-system integrity checker, will detect hacks, intrusions,
> etc. I tried it but seems to find lots of stuff that seem part of the
> dynamics of the ongoing system operation, and attempts to change its
> "policy" are crippled by all these items. Examples are things deleted from
> /proc/####/.... numbered subfolders that seem to correspond to processes
> that start and end on the system, permissions in .../.kde subdirectories
> which I certainly did not touch within the lifetime of this test, INODES
> also touching /proc/#### stuff.
Welcome to tripwire.
It really is mostly useless except on public systems that you never mess with,
but are very worried about.
You can tweak the settings in /etc/tripwire though, to get it to be at least
somewhat useful. Debian gives a good start for a configuration file for it.
--
_ _ _ _ _ _ _ _ _ _ _ _ _
/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \
( t | i | m | @ | i | t | . | k | p | t | . | c | c )
\_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/
GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF DC21 2807 D7D3 09CA 85BF
Reply to:
- References:
- Tripwire
- From: David Baron <d_baron@012.net.il>