RE: Tripwire
From: Adam Aube (aaube01_at_baker.edu)
Date: 09/24/04
- In reply to: David Baron: "RE: Tripwire"
To: debian-user@lists.debian.org
Date: Thu, 23 Sep 2004 19:15:52 -0400
David Baron wrote:
> So ... I have this thing fairly stable. 14 /etc items seem to change daily
> due to their cron or daemon execution. Can live with this. (Results with
> alternatives such as aide should be similar--the ideal monitoring package
> would track upgrades and logrotations et al and not squawk at these.)
That seems odd - what items in /etc are changing?
> Right now, I have /var and /proc excluded because of their volatility. I
> assume there are specific items/directories in these which SHOULD be
> monitored. Can anyone tell me which ones?
/proc can safely be ignored. As for /var:
- Log files can grow in size, but should not change ownership or
permissions. This will also sound an alert if your logs are truncated.
- Watching the crontab spool would be a good idea to make sure no one's
slipped something nasty into root's crontab.
Adam
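
Added example, not part of the original message and not Tripwire's own code: the two /var checks suggested in the reply (logs may grow but must not shrink or change owner or permissions; crontab spool files must not change at all), written as a baseline-and-compare check in Python. The function names and file names are hypothetical, and constructed temporary files stand in for /var/log and the crontab spool.

```python
import hashlib, os, stat, tempfile

def snapshot(path, static=False):
    """Record the attributes to compare; static files also get a content hash."""
    st = os.lstat(path)
    rec = {"uid": st.st_uid, "gid": st.st_gid,
           "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}
    if static:
        with open(path, "rb") as fh:
            rec["sha256"] = hashlib.sha256(fh.read()).hexdigest()
    return rec

def compare(base, now):
    """List the violations between a baseline snapshot and a current one."""
    found = [f"{k} changed" for k in ("uid", "gid", "mode") if base[k] != now[k]]
    if "sha256" in base:                      # crontab: any content change counts
        if base["sha256"] != now.get("sha256"):
            found.append("content changed")
    elif now["size"] < base["size"]:          # log: growth is fine, shrinking is not
        found.append("size shrank (possible truncation)")
    return found

def demo():
    """Run the check on constructed files standing in for logs and a crontab."""
    with tempfile.TemporaryDirectory() as d:
        names = ("grown.log", "cut.log", "perm.log", "root.crontab")
        paths = {n: os.path.join(d, n) for n in names}
        for p in paths.values():
            with open(p, "w") as fh:
                fh.write("constructed line 1\nconstructed line 2\n")
            os.chmod(p, 0o640)
        is_static = lambda n: n == "root.crontab"
        base = {n: snapshot(p, is_static(n)) for n, p in paths.items()}
        with open(paths["grown.log"], "a") as fh:     # normal logging
            fh.write("constructed line 3\n")
        open(paths["cut.log"], "w").close()           # truncated log
        os.chmod(paths["perm.log"], 0o666)            # permissions loosened
        with open(paths["root.crontab"], "a") as fh:  # entry added to a crontab
            fh.write("# constructed extra entry\n")
        return {n: compare(base[n], snapshot(p, is_static(n)))
                for n, p in paths.items()}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

Log rotation also shrinks a log file, so a rotated log is reported by the size check until the baseline is refreshed.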