John W Lemons <[EMAIL PROTECTED]> writes:
> I just added /var/qmail to my tripwire policy, and of course, lots of
> files change frequently. Any suggestions on a policy for this server?
> perhaps just include /var/qmail/bin and /var/qmail/control? Any others?
Here's what I use:
/var/qmail R-2
/var/qmail/bin/qmail-queue R
/var/qmail/control/badmailfrom L-i
!/var/qmail/queue
That checks all the man pages, which is probably unnecessary (although it
is possible to do shell escapes from inside *roff, so...).
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
