on Thu, Jan 05, 2006 at 11:52:06AM -0800, Todd A. Jacobs (nospam@codegnome.org) wrote:
> The amount of data that tripwire reports on /proc is a bit overwhelming,
> and strikes me as not particularly useful most of the time. After all,
> most of the info in the root of /proc is PID info, so while certain
> system processes shouldn't change all that often, most of the stuff in
> there is pretty dynamic.
It's *all* dynamic. Exclude /proc (and /sys) from your tripwire
montoring.
Actually, I'd strongly encourage you look at the AIDE + tripwire
solution suggested by Rick Moen & used by Debian on its project servers:
http://linuxgazette.net/issue98/moen.html
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
- Benjamin Franklin, 1755
Attachment:
signature.asc
Description: Digital signature