On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: > On Thu, 2003-01-09 at 20:54, Lorne wrote: > > I'm having trouble finding a simple piece of information on tripwire. > > Since the existing config files aren't designed with Mandrake in mind, it > > is pretty useless out of the box. I've got it figured out now, but since > > I'm not a total linux gear head yet I have a dumb question perhaps. > > > > Is it safe to assume that /sbin and /bin should have no files ever > > change? If that is the case, then I need to add every single one to the > > file. Obviously files change in /var etc, but I'm a little unsure of all > > the files I need to add system wide. > > /sbin and /bin shouldn't change unless a security patch does it. > Tripwire has a directory-level setting, you don't have to enter every > singel file. > Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh?
Later.... I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? > > Thanks in adance. > > > > ---- > > > > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
