
Re:Tripwire



On Saturday 18 September 2004 08:42, 
debian-user-digest-request@lists.debian.org wrote:
> "The tripwire command has a policy update mode which means that a change in
> policy does not require us to reinitialise the database. The policy update
> mode simply synchronises the existing database with the new policy file."

This is precisely the command that does not work. Redoing the policy file 
itself and then building a new database works fine.

It appears that Debian's (other distros as well, most probably) use 
of /root, /etc, /proc, /var is far too volatile for tripwire. /proc must be 
excluded from the policy since /proc/...####/ items are dynamically created 
and destroyed continually. Logrotate produces a whole series of alarms since it 
removes archives and creates new ones. So even without any upgrades, the 
database must be resynced after each run. I will probably not continue with 
this one.
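
The noise described in this message, and the effect of tuning it out, as an added example that is not part of the original post and does not use Tripwire's own policy language: a simplified integrity checker run over a constructed directory tree. The `skip` and `loose` parameters and all file names and contents are assumptions made up for the illustration.

```python
import hashlib, pathlib, shutil, tempfile

def snapshot(root, skip=()):
    """Baseline: relative path -> (mode, size, sha256); subtrees named in skip are left out."""
    db = {}
    for path in sorted(pathlib.Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and not any(rel.startswith(s + "/") for s in skip):
            st = path.stat()
            db[rel] = (st.st_mode, st.st_size, hashlib.sha256(path.read_bytes()).hexdigest())
    return db

def compare(old, new, loose=()):
    """List (kind, path) differences; under a loose prefix only the mode is compared."""
    out = []
    for rel in sorted(set(old) | set(new)):
        relaxed = any(rel.startswith(p + "/") for p in loose)
        if rel in old and rel in new:
            width = 1 if relaxed else 3  # relaxed rule ignores size and hash
            if old[rel][:width] != new[rel][:width]:
                out.append(("changed", rel))
        elif not relaxed:  # relaxed rule also ignores files appearing or vanishing
            out.append(("added" if rel in new else "removed", rel))
    return out

def put(root, rel, text):
    path = pathlib.Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Constructed tree: process churn and one log rotation, then a genuine edit."""
    with tempfile.TemporaryDirectory() as root:
        put(root, "etc/hosts", "127.0.0.1 localhost\n")
        put(root, "proc/4242/status", "Name: cron\n")
        put(root, "var/log/app.log", "week 1 entries\n")
        put(root, "var/log/app.log-20040911", "older entries\n")
        strict, tuned = snapshot(root), snapshot(root, skip=("proc",))
        shutil.rmtree(pathlib.Path(root, "proc/4242"))   # a process exits
        put(root, "proc/4243/status", "Name: sshd\n")    # another one starts
        pathlib.Path(root, "var/log/app.log-20040911").unlink()  # rotation drops the old archive
        pathlib.Path(root, "var/log/app.log").rename(pathlib.Path(root, "var/log/app.log-20040918"))
        put(root, "var/log/app.log", "")                 # and starts a fresh log
        noisy = compare(strict, snapshot(root))
        quiet = compare(tuned, snapshot(root, skip=("proc",)), loose=("var/log",))
        put(root, "etc/hosts", "127.0.0.1 localhost\n10.0.0.9 mirror\n")  # real change
        caught = compare(tuned, snapshot(root, skip=("proc",)), loose=("var/log",))
    return noisy, quiet, caught

if __name__ == "__main__":
    print(demo())
```

The relaxed rule has a cost: with size and hash ignored under `var/log`, this check no longer notices edits to the log files themselves.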


