I am in the process of designing a Tripwire 2.3 policy file that is based on the FHS plus annexes for GNU/Linux and Debian's distribution of it.

I don't like the current policy file, which is just a list of all of the Debian "Important"-level package files - it complains too much about missing files when one does not have a "standard" setup and it is really too detailed (=> long to read) in the wrong places. In addition, it does not check some Debian-specific stuff like the contents of /var/lib/dpkg.

My goal is that the system will be sufficiently modular that one can just patch in a few tiny distribution-specific changes and have a nice policy for any FHS-compliant system. I am trying to limit references to individual files to the absolute minimum and instead address whole directories at a time. Hopefully, this will result in a shorter, yet more thorough policy that never causes a complaint except when there has been a real unauthorised change.

Eventually I also plan to write a script that will automatically check off files that have been changed by dpkg and reported by Tripwire, perhaps using md5sum info from the .debs.

Before I get too far, I would like to ask the question: is anyone working on a similar project? Perhaps for aide or another IDS? I've done some Google searches for "FHS and Tripwire", but except for a few off-hand remarks, it seems that no one is working on this idea.

Erik Rossen                       ^    GPG key ID: 2935D0B9
[EMAIL PROTECTED]                /e\   "Use GnuPG, see the
http://www.multimania.com/rossen ---   black helicopters."
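
The cross-check the message plans (files reported as changed, compared with the checksums packages ship) could look like the following. This is an added example, not part of the original post and not the author's script. It assumes the caller has already extracted the changed paths from the integrity report, and that the checksums are in dpkg's `<package>.md5sums` format (MD5 hex digest, two spaces, path relative to `/`), read from a copy the intruder could not have modified, such as one extracted from the .debs. The function names and status strings are hypothetical.

```python
import hashlib
import os


def load_md5sums(info_dir):
    """Map absolute path -> (package, md5) from <package>.md5sums files."""
    db = {}
    for name in sorted(os.listdir(info_dir)):
        if not name.endswith(".md5sums"):
            continue
        pkg = name[: -len(".md5sums")]
        with open(os.path.join(info_dir, name), encoding="utf-8", errors="replace") as fh:
            for line in fh:
                # Each line: 32 hex digits, two spaces, path relative to /
                digest, sep, rel = line.rstrip("\n").partition("  ")
                if sep and len(digest) == 32:
                    db["/" + rel.lstrip("/")] = (pkg, digest.lower())
    return db


def file_md5(path):
    h = hashlib.md5()  # same digest the packages record; not collision resistant
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(changed_paths, db, root="/"):
    """Return {path: status} for paths an integrity checker reported as changed."""
    result = {}
    for path in changed_paths:
        if path not in db:
            result[path] = "unpackaged"  # no package claims it: review by hand
            continue
        pkg, expected = db[path]
        on_disk = os.path.join(root, path.lstrip("/"))
        try:
            actual = file_md5(on_disk)
        except OSError:
            result[path] = "missing"
            continue
        # "ok" means the new content is exactly what the package ships
        result[path] = f"ok:{pkg}" if actual == expected else f"MISMATCH:{pkg}"
    return result
```

Only the `ok:` entries can be checked off automatically; `MISMATCH`, `missing` and `unpackaged` entries still need a human to look at them.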

