Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] Tips zur tripwire config?
  • From: Matthias Riese <matthias.riese@xxxxxxxxxxxxx>
  • Date: 14 Aug 2002 21:49:07 +0200
  • Message-id: <m2ofc5fcgc.fsf@xxxxxxxxx>
Hi Mathias,

I've installed tripwire from the SuSE RPM and it came with the
configuration below which I think is quite reasonable. It watches all
filesystems (/ R) and excludes only areas where changing files are
quite normal.

However for a no-luser machine like a firewall you probably can remove
the exclusion of:


You may just comment it out and see if it gives you false alarms.

Please note that with this configuration you will encounter alarms
triggered by /etc changing mtime and ctime - that's completely ok,
because some daemons shuffle files around in /etc regularly.

Regards, Matthias

# Tripwire config-file

/ R








< Previous Next >