tripwire and log rotations question
plug-discuss@lists.plug.phoenix.az.us
plug-discuss@lists.plug.phoenix.az.us
Thu, 02 Jan 2003 10:46:18 -0800 (PST)
You can specify which files to include/exclude in your tripwire config file.
George
Quoting Scott H <scottlhenderson@yahoo.com>:
> So now that I'm an at-home Linux user that has
> begun to use Linux at my company for servers
> (formerly all was MS), I'm faced with *NIX admin
> issues that are all new to me. Today's example
> is: I have a RH7.3 server with tripwire installed
> and a cron job that emails a tripwire report to
> me daily. Works great. RH7.3 has a log rotation
> system set up by default, and this works well
> too, rotating the logs once per week. But of
> course, tripwire notices each week and reports
> that the log files have been changed (I'm
> guessing it's the inode # that changes on these?)
> and puts it in the report. Now, I want to know
> if a cracker messes with my log files, of course,
> so I DO want tripwire to monitor these files.
> But I DON'T want tripwire to report on the
> routine, weekly log file rotation, causing me to
> have to go in and do an update on the tripwire
> db. How do I fix this?
>
> Thanx,
>
> Scott
>
>
> .
>
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>