recursive checking and log files (tripwire)
ok, still getting tripwire all set up. never tried anything like this before, so i'm still having some questions with it. first, i haven't figured everything out about "recurse" syntax in the twpol.txt file. i find entries like these:
/home -> $(SEC_INVARIANT) (recurse = 0) ;
/sbin -> $(SEC_BIN) (recurse = 1) ;
recurse = false,
what exactly does that mean? does the "recurse = false" in the rule description mean everything listed in that rule set is what is checked...and never to go down a directory?
and the "recurse = 0", does that mean only check the file or directory directly listed in the rule set...don't descend...while "recurse = 1" means check everything and descend one directory as well? those are my best estimations as to the syntax. if someone could straighten me out i'd appreciate it.
also i'm getting the log rotations showing up on my reports. under /var/log
the following show up, along with their rotation logs (1, 2, 3, etc.):
i'm not exactly sure, since i'm also new to administrating, as to what to do about this. should i ignore these errors, and chalk them up to rotation, and try to remove them from my tripwire's scans? is that bad for security? are there some i can remove from the check and some that i shouldn't? i'm not sure exactly what a good policy is. anybody with more background and security expertise got some suggestions? i know it happens to everybody, just not sure what the best policy is....