Re: Dumb Newbie question bout Tripwire

[Bret Hughes <bhughes elevating com>]

On Wed, 2003-10-01 at 15:41, cajun wrote:
> Bret Hughes wrote:
> 
> > (snip)
> >
> >found it for those who might be interested.  Love them archives.
> >
> >
> >
> >http://marc.theaimsgroup.com/?l=redhat-list&m=104396069108467&w=2
> >
> >Bret
> >
> >
> >  
> >
> Hi Bret,
> 
> Thanks.  That I do appreciate!!!  Will this script go in to the 
> twpol.txt and edit it for cleaning up any of the files and maybe damons 
> that are not being used?  I found the tripwire page and followed their 
> instructions up to the point of going in and cleaning out the twpol.txt 
> file.  It was late last night when I did this and I have not had a 
> chance to get back to it yet.  Again Thanks for the script!!
> 
> Lee Perez

yup  saves a sh*t load of time and less error prone too.

If we could standardize on an IDS it would be way cool if developers of
"important" packages could include a list of binaries and config files
that need to be watched so they could be added to the pol file easily. 
Maybe some night when I can't sleep I will try and parse the output or
rpm -ql package and see if intelligent guesses can be made as to what
should go where.

If you add a package now it's files will be commented out.

I guess If we assume that redhat really did include EVERYTHING (not
possible IMNSHO) then a good first cut would be to modify the script to
uncomment files that are there now.  Hmm looking at it, it does not seem
that it would be a huge deal to check after the leading #.

Thanks for making me think about this a little.

Bret