Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] Tips zur tripwire config?
  • From: Matthias Riese <matthias.riese@xxxxxxxxxxxxx>
  • Date: 14 Aug 2002 21:49:07 +0200
  • Message-id: <m2ofc5fcgc.fsf@xxxxxxxxx>
Hi Mathias,

I've installed tripwire from the SuSE RPM and it came with the
configuration below which I think is quite reasonable. It watches all
filesystems (/ R) and excludes only areas where changing files are
quite normal.

However, for a no-luser machine like a firewall you probably can remove
the exclusion of:

/home
/dev
/etc/mtab

You may just comment it out and see if it gives you false alarms.

Please note that with this configuration you will encounter alarms
triggered by /etc changing mtime and ctime - that's completely ok,
because some daemons shuffle files around in /etc regularly.

Regards, Matthias


#
# Tripwire config-file
#



/ R


!/proc

!/var

!/root
/root/bin


!/dev

!/tmp


!/etc/mtab
!/etc/ntp.drift
!/etc/ld.so.cache
!/etc/snmpd.agentinfo
!/etc/ssh_random_seed
!/etc/mail/sendmail.st

!/home
