Forum: Cfengine Help Subject: Re: depth_search exclude files in tripwire changes Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,19372,19415#msg-19415
What good would a file called exlcude_me do? It's not something that would be executed by anything automatically. Any sysadmin would examine it. High level, intrusion detection is one of those things that is not a great pay off given that it is only reactive. Once you detect the change the damage is already done. Better to be proactive. 1. Have Cf mind file permissions. 2. Have Cf mind file contents. 3. Good enforcement of access controls for logins and systems like apparmour and selinux. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
