From: Paul Furness <paul.furness@vil.ite.mee.com>
To: peter schoch <pschoch@sussex.cc.nj.us>
Cc: linux-newbie@vger.kernel.org
Subject: Re: RH 7.3 and tripwire
Date: 25 Nov 2002 09:12:40 +0000 [thread overview]
Message-ID: <1038215558.20988.38.camel@zebra.vil.ite.mee.com> (raw)
In-Reply-To: <sdde49fa.036@mail.sussex.edu>
Peter,
Firstly, do you actually need / want to run tripwire? It is mostly
useful for intrusion detection type things, which may not matter if your
PC is either on a secure network, or standalone. In which case, I'd just
remove tripwire from your system.
I don't run tripwire on my workstations, but I _do_ run it on the
machines in my DMZ (such as web server) since they are at a much higher
risk of hack attack than those inside my firewall on my internal
network.
If you decide that you _do_ need tripwire, it could well be that it's
not configured for your system's setup. Can you give us a little more
detail about the errors that tripwire is reporting?
As for documentation: I haven't found anything that is better than the
man page for explaining how it works. In principal it's very simple: you
create a list of files to watch, and tripwire takes a note of various
attributes of the files (such as size, date and so on). At a later time
(usually from a cron job) tripwire compares the file against the
information it has, and reports any discrepancy. You can tell it the
level at which to check the file and the kind of warning it gives.
Paul.
On Fri, 2002-11-22 at 20:14, peter schoch wrote:
> Greetings,
>
> I just upgraded from RH6.2 to RH7.3. I've been fighting with it for several days now.
>
> My last, big 'fight' is with tripwire. I keep getting cron mail that tripwire had all sorts of troubles. It gives me commands to 'fix' the trouble, and have run them; however the problems apparently persist. I don't remember using tripwire in 6.2, so is there a good resource for finding out what to do?
>
> Peter Schoch
> Sussex County Community College
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
--
Paul Furness <paul.furness@vil.ite.mee.com>
Mitsubishi Electric ITE BV VIL
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
next prev parent reply other threads:[~2002-11-25 9:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-22 20:14 RH 7.3 and tripwire peter schoch
2002-11-25 9:12 ` Paul Furness [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-11-25 18:31 peter schoch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1038215558.20988.38.camel@zebra.vil.ite.mee.com \
--to=paul.furness@vil.ite.mee.com \
--cc=linux-newbie@vger.kernel.org \
--cc=pschoch@sussex.cc.nj.us \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox