Re: Tripwire

To: debian-user@lists.debian.org
Subject: Re: Tripwire
From: Tim Kelley <tim@it.kpt.cc>
Date: Fri, 10 Sep 2004 16:22:16 -0500
Message-id: <[🔎] 200409101622.16971.tim@it.kpt.cc>
In-reply-to: <[🔎] 200409101148.31920.d_baron@012.net.il>
References: <[🔎] 200409101148.31920.d_baron@012.net.il>

On Friday 10 September 2004 03:48, David Baron wrote:
> Anyone using this on Debian?
>
> This is a file-system integrity checker, will detect hacks, intrusions,
> etc. I tried it but seems to find lots of stuff that seem part of the
> dynamics of the ongoing system operation, and attempts to change its
> "policy" are crippled by all these items. Examples are things deleted from
> /proc/####/.... numbered subfolders that seem to correspond to processes
> that start and end on the system, permissions in  .../.kde subdirectories
> which I certainly did not touch within the lifetime of this test, INODES
> also touching /proc/#### stuff.


Welcome to tripwire.

It really is mostly useless except on public systems that you never mess with, 
but are very worried about.

You can tweak the settings in /etc/tripwire though, to get it to be at least 
somewhat useful.  Debian gives a good start for a configuration file for it.


-- 
  _   _   _   _   _   _   _   _   _   _   _   _   _  
 / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 
( t | i | m | @ | i | t | . | k | p | t | . | c | c )
 \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ 
GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF  DC21 2807 D7D3 09CA 85BF

Reply to:

References:
- Tripwire
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: bandwidth management
Next by Date: Re: IMAP server with fast search
Previous by thread: Re: Tripwire
Next by thread: Re: Tripwire
Index(es):
- Date
- Thread