Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 07-01-2010, 07:18 PM   #1
Registered: Nov 2003
Posts: 809

Rep: Reputation: 39
Periodic update of tripwire policy file

Hi there --

I have tripwire running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file.

The reason for my asking that is while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.

The idea that I had in mind was to run the update-policy option with tripwire once a week. Feedback and/or suggestions on this approach would be appreciated.

Old 07-01-2010, 10:47 PM   #2
Senior Member
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
I don't know whether it's good practice, but I used to update the policy regularly just to get rid of the mountain of reports regarding files that always change. It is almost impossible to add them all to the policy at the beginning, so I added them as I went along to reduce the output from tripwire. Gradually you reduce the report down to the truly essential data, which, while still large, is not full of false alarms. Reading the whole report every day was very time consuming initially.

It's the files that *don't normally change* that you want to be checked, they're the ones that you want notification on. Log files and temp files are always changing so they are worthless as a security metric. Of course policies vary according to what the system is and what it is used for.

Last edited by smoker; 07-01-2010 at 10:51 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Tripwire Policy Update fullgore Linux - Security 2 06-04-2008 07:46 AM
tripwire policy update fails dsids Linux - Security 4 08-08-2006 01:57 PM
editing of configuration and policy file and implementing tripwire anil2003 Linux - Security 1 04-24-2006 02:52 PM
editing of configuration and policy file while implementing tripwire-2.3.1-2-i686.tgz anil2003 VectorLinux 0 03-29-2006 04:36 AM
Tripwire policy update brain_bucket Linux - Security 2 09-03-2003 08:35 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:34 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration