TLUG Mailing List

Mailing List Archive

tlug.jp Mailing List tlug archive tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Tripwire - any tips.

Date: Tue, 25 Jun 2002 09:02:30 +0900

From: Michael Doughty <Doughty_Michael@example.com>

Subject: Re: [tlug] Tripwire - any tips.

References: <lGqCp.A.cxB.pl6F9@example.com>
On Tue, 25 Jun 2002 09:22:20 +1000 (EST), Jim Breen wrote:
> Has anyone got some tips on how to configure tripwire so that it produces
> useful results?
> 
> It is installed on my RH7.3 system, probably because I did the default
> server install. It started off by emailing me a daily 59,000-line error
> report. By running "tripwire --init" I have reduced this to a mere
> 1000-line error report, mostly complaining about things that it thinks
> should be in /sbin.
> 
> The man page is not a great deal of help.

You need to edit your /etc/tripwire/twpol.txt file and run
tripwire --update-policy

Basically, sit down with a copy of the report that your are receiving and
if the file doesn't exist on your system, strip it out of the twpol.txt
file.  
Once the policy has been updated, I think I usually run 
tripwire --init to create a database that is synced with the new
policy file.

Michael
Prev by Date: RE: [tlug] Root - NO KDE

Next by Date: Re: [Re: [tlug] CVS and Japanese files]

Previous by thread: [tlug] Tripwire - any tips.

Next by thread: Re: [tlug] Tripwire - any tips.

Index(es):

Date

Thread

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links