Re: Tripwire reports many violations but no errors

From: Juha Laiho (Juha.Laiho_at_iki.fi)
Date: 05/04/04


Date: Tue, 04 May 2004 16:17:03 GMT

Anthony Campbell <me@privacy.net> said:
>Thanks for this explanation, which confirms what I suspected and
>provides useful details. I do an upgrade from unstable most days which
>no doubt explains the report. I'm beginning to wonder if it is worth
>having tripwire there on a standalone system. I installed it after I had
>to reinstall my system following a compromise, but keeping it up to date
>seems to be fairly time-consuming.

It's somewhat time-consuming, but if you can restrict your updates
(_and_ check that the configuration file doesn't report unnecessary
changes), you could refresh the database manually after each update
(preferably running a check just before the update). But yes, it's
work, and I'm also considering whether running tripwire is worth
anything for me.

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)