Old 07-01-2010, 07:18 PM   #1
kaplan71
Periodic update of tripwire policy file


Hi there --

I have tripwire 2.4.1.2 running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file.

The reason for my asking is that, while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.

The idea that I had in mind was to run the update-policy option with tripwire once a week. Feedback and/or suggestions on this approach would be appreciated.

Thanks.
 
Old 07-01-2010, 10:47 PM   #2
smoker
I don't know whether it's good practice, but I used to update the policy regularly just to get rid of the mountain of reports regarding files that always change. It is almost impossible to add them all to the policy at the beginning, so I added them as I went along to reduce the output from tripwire. Gradually you reduce the report down to the truly essential data, which, while still large, is not full of false alarms. Reading the whole report every day was very time-consuming initially.

It's the files that *don't normally change* that you want to be checked; they're the ones that you want notification on. Log files and temp files are always changing, so they are worthless as a security metric. Of course, policies vary according to what the system is and what it is used for.

Last edited by smoker; 07-01-2010 at 10:51 PM.
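
The tuning approach described in the reply above, as an added Python example that is not part of the thread: it counts how often each path shows up under "Modified:" across several daily reports, so paths that change in most reports can be considered for policy tuning while the rarely changing ones stand out for review. It assumes text reports with `Added:`/`Removed:`/`Modified:` headings followed by quoted paths; the sample reports, the paths and the 0.75 threshold are constructed for illustration.

```python
import re
from collections import defaultdict

SECTION = re.compile(r"^(Added|Removed|Modified):$")
QUOTED = re.compile(r'^"(.+)"$')

def modified_paths(report_text):
    """Return the set of paths listed under 'Modified:' headings in one report."""
    paths, section = set(), None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines do not end a section
        heading, quoted = SECTION.match(line), QUOTED.match(line)
        if heading:
            section = heading.group(1)
        elif quoted and section == "Modified":
            paths.add(quoted.group(1))
        elif not quoted:
            section = None                # rule header or separator ends the section
    return paths

def classify(reports, noisy_ratio=0.75):
    """Split paths into (noisy, rare) by the share of reports they changed in."""
    seen = defaultdict(set)
    for day, text in reports.items():
        for path in modified_paths(text):
            seen[path].add(day)
    total = len(reports)
    noisy = sorted(p for p, d in seen.items() if len(d) / total >= noisy_ratio)
    rare = sorted((p, sorted(d)) for p, d in seen.items() if len(d) / total < noisy_ratio)
    return noisy, rare

def make_report(*paths):
    """Build a constructed sample report in the assumed layout."""
    listed = "\n".join('"%s"' % p for p in paths)
    return ("Rule Name: constructed sample\n\nModified:\n" + listed +
            '\n\nAdded:\n"/tmp/scratch"\n')

SAMPLE_REPORTS = {  # constructed data, one entry per daily check
    "2010-06-27": make_report("/var/log/messages", "/etc/mtab"),
    "2010-06-28": make_report("/var/log/messages", "/etc/mtab", "/etc/passwd"),
    "2010-06-29": make_report("/var/log/messages"),
    "2010-06-30": make_report("/var/log/messages", "/etc/mtab"),
    "2010-07-01": make_report("/var/log/messages", "/etc/mtab", "/etc/ssh/sshd_config"),
}

if __name__ == "__main__":
    noisy, rare = classify(SAMPLE_REPORTS)
    print("Changes in most reports (policy-tuning candidates):", noisy)
    for path, days in rare:
        print("Review:", path, "changed on", ", ".join(days))
```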
 
  

