Tripwire and /proc

To: Debian User List <debian-user@lists.debian.org>
Subject: Tripwire and /proc
From: "Todd A. Jacobs" <nospam@codegnome.org>
Date: Thu, 5 Jan 2006 11:52:06 -0800
Message-id: <[🔎] 20060105195206.GU8926@penguin.codegnome.org>
Mail-followup-to: debian-user@lists.debian.org

The amount of data that tripwire reports on /proc is a bit overwhelming,
and strikes me as not particularly useful most of the time. After all,
most of the info in the root of /proc is PID info, so while certain
system processes shouldn't change all that often, most of the stuff in
there is pretty dynamic.

Since there doesn't appear to be a way to specify wildcards in
tripwire/stable uptodate 2.3.1.2.0-4, it seems like having 30k+ lines
similar to:

    /proc/32768 -> $(SEC_INVARIANT) (recurse = 0) ;

is the best way to minimize this sort of info, although it slows down
tripwire tremendously. Is there a better way to do it, and is there
actually any value in recursing into PID directories in /proc that I'm
overlooking?

-- 
Re-Interpreting Historic Miracles with SED #141: %s/water/wine/g

Reply to:

Follow-Ups:
- Re: Tripwire and /proc
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: Re: [Way OT] "#!/bin/bash" changes working directory
Next by Date: Re: [Way OT] "#!/bin/bash" changes working directory
Previous by thread: Re: [Way OT] "#!/bin/bash" changes working directory
Next by thread: Re: Tripwire and /proc
Index(es):
- Date
- Thread