tripwire and log rotations question
Scott H
plug-discuss@lists.plug.phoenix.az.us
Thu, 2 Jan 2003 09:33:34 -0800 (PST)
So now that I'm an at-home Linux user that has
begun to use Linux at my company for servers
(formerly all was MS), I'm faced with *NIX admin
issues that are all new to me. Today's example
is: I have a RH7.3 server with tripwire installed
and a cron job that emails a tripwire report to
me daily. Works great. RH7.3 has a log rotation
system set up by default, and this works well
too, rotating the logs once per week. But of
course, tripwire notices each week and reports
that the log files have been changed (I'm
guessing it's the inode # that changes on these?)
and puts it in the report. Now, I want to know
if a cracker messes with my log files, of course,
so I DO want tripwire to monitor these files.
But I DON'T want tripwire to report on the
routine, weekly log file rotation, causing me to
have to go in and do an update on the tripwire
db. How do I fix this?
Thanx,
Scott