On Tue, Oct 22, 2002 at 11:36:06PM +0800, Dion Mendel wrote:
> Which files do people exclude when using integrity checkers
> (e.g. aide/tripwire etc)?

I don't typically exclude many files, but I often limit the changes that tripwire notifies me about. For example, if one of my users changes their password, I don't need to know that the md5 checksum of /etc/shadow has changed. However, if the link count, ownership, or permissions of /etc/shadow change, I want to know about it. Configuring tripwire is fairly easy for this type of thing. I'll happily share bits of my policy file if you want.

I have very little experience with AIDE, so I don't know if it's possible to do this type of thing with it. I installed it for a short while and found it unpleasant to work with. I found tripwire to be superior, and contrary to popular belief, it is at least as free as AIDE. See www.tripwire.org. And note that this is not the same tripwire that shipped with potato. That version was ancient and slow and bad.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
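
The per-file attribute selection described in the reply above, as an added sketch that is not part of the original message and is not tripwire or AIDE policy syntax. The mask names `META` and `FULL`, the helper functions, and the temporary files standing in for /etc/shadow and a system binary are all assumptions of this example.

```python
import hashlib, os, stat, tempfile

# Attribute masks. The names are this example's own, not tripwire/AIDE syntax.
META = ("mode", "uid", "gid", "nlink")   # permissions, ownership, link count
FULL = META + ("size", "sha256")         # metadata plus content

def snapshot(path, attrs):
    """Record only the attributes the policy asks for on this path."""
    st = os.lstat(path)
    values = {"mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid,
              "gid": st.st_gid, "nlink": st.st_nlink, "size": st.st_size}
    if "sha256" in attrs:
        with open(path, "rb") as f:
            values["sha256"] = hashlib.sha256(f.read()).hexdigest()
    return {a: values[a] for a in attrs}

def build_baseline(policy):
    return {path: snapshot(path, attrs) for path, attrs in policy.items()}

def check(policy, baseline):
    """Return {path: [changed attributes]}, looking at watched attributes only."""
    report = {}
    for path, attrs in policy.items():
        try:
            now = snapshot(path, attrs)
        except FileNotFoundError:
            report[path] = ["missing"]
            continue
        changed = [a for a in attrs if now[a] != baseline[path][a]]
        if changed:
            report[path] = changed
    return report

def demo():
    """Constructed stand-ins for /etc/shadow and a system binary in a temp dir."""
    d = tempfile.mkdtemp()
    shadow, binary = os.path.join(d, "shadow"), os.path.join(d, "login")
    for path, data in ((shadow, b"user:oldhash\n"), (binary, b"binary-v1")):
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, 0o600)
    policy = {shadow: META, binary: FULL}
    baseline = build_baseline(policy)
    with open(shadow, "wb") as f:          # a user changes their password
        f.write(b"user:newhash2\n")
    after_passwd = check(policy, baseline)
    os.chmod(shadow, 0o644)                # permissions loosened
    os.link(shadow, os.path.join(d, "shadow.bak"))   # extra hard link
    with open(binary, "wb") as f:          # binary replaced
        f.write(b"binary-v2!")
    return after_passwd, check(policy, baseline)
```

The first report is empty because the password change only alters content that the `META` mask does not watch; the second report names the permission and link-count changes on the shadow stand-in and the size and hash changes on the binary.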