Tuning tripwire - stopping logs being flagged up

To: "(debian-user@lists.debian.org)" <debian-user@lists.debian.org>
Subject: Tuning tripwire - stopping logs being flagged up
From: Rich Stanton <stantonrj@Cf.ac.uk>
Date: Sat, 03 Sep 2005 14:55:39 +0100
Message-id: <[🔎] 4319AB5B.2040303@Cf.ac.uk>

I'm trying to tune tripwire (under debian testing) to give me lessunneccessary errors. At the moment /var/log/syslog and files in/var/log/cups, exim4, tiger are all being listed as being modified.Obviously this is fine, since they're logs, so I don't want to benotified of this. In the standard twpol.txt file, there is a variablecalled 'SEC_LOG' which it says is for files which should grow but notchange ownership which sounds like these. In the default there was asection which looked like this:


/var/lock               -> $(SEC_CONFIG) ;
       /var/run                -> $(SEC_CONFIG) ; # daemon PIDs
       /var/log                -> $(SEC_CONFIG) ;

So I changed it to look like this:
       /var/lock               -> $(SEC_CONFIG) ;
       /var/run                -> $(SEC_CONFIG) ; # daemon PIDs
       /var/log                -> $(SEC_LOG) ;
       /var/log/cups           -> $(SEC_LOG) ;
       /var/log/exim4          -> $(SEC_LOG) ;
       /var/log/tiger          -> $(SEC_LOG) ;

But I'm still getting warnings about files in these directories beingmodified. Is it because the logs are being rotated, archived etc?What's the best way to deal with this - do I even need to be notifiedabout anything in /var/log?

Reply to:

Prev by Date: Re: Anyone else having trouble with ddclient and dyndns.org today?
Next by Date: Re: PLease help
Previous by thread: Re: mounting USB drive: "FIFO stuck"
Next by thread: distcc problem - Gentoo client - Debian sarge server
Index(es):
- Date
- Thread