David Baron wrote:
> So ... I have this thing fairly stable. 14 /etc items seem to change daily
> due to their cron or daemon execution. Can live with this. (Results with
> alternatives such as aide should be similar--the ideal monitoring package
> would track upgrades and logrotations et al and not squawk at these.)

That seems odd - what items in /etc are changing?

> Right now, I have /var and /proc excluded because of their volatility. I
> assume there are specific items/directories in these which SHOULD be
> monitored. Can anyone tell me which ones?

/proc can safely be ignored. As for /var:

- Log files can grow in size, but should not change ownership or
  permissions. This will also sound an alert if your logs are truncated.
- Watching the crontab spool would be a good idea to make sure no one's
  slipped something nasty into root's crontab.

Adam
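The two /var policies described in the reply above, sketched as an added example that is not part of the original message or of any monitoring package named in the thread: logs may grow but must keep their owner and mode and must not shrink, while any change to a crontab spool file is reported. The function names and the temp-dir files in `demo()` are constructed stand-ins for /var/log and the cron spool.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(paths, hash_content=False):
    """Record owner, group, mode and size (plus SHA-256 if asked) per file."""
    snap = {}
    for p in map(Path, paths):
        if not os.path.lexists(p):
            continue  # absent files surface as "missing"/"removed" on compare
        st = p.lstat()
        rec = {"uid": st.st_uid, "gid": st.st_gid,
               "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}
        if hash_content and stat.S_ISREG(st.st_mode):
            rec["sha256"] = hashlib.sha256(p.read_bytes()).hexdigest()
        snap[str(p)] = rec
    return snap

def compare_logs(old, new):
    """Log policy: growth is expected; owner/mode change or shrinkage alerts."""
    alerts = []
    for p, o in old.items():
        n = new.get(p)
        if n is None:
            alerts.append((p, "missing"))
        else:
            checks = [((o["uid"], o["gid"]) != (n["uid"], n["gid"]), "owner changed"),
                      (o["mode"] != n["mode"], "mode changed"),
                      (n["size"] < o["size"], "truncated")]
            alerts += [(p, why) for hit, why in checks if hit]
    return alerts

def compare_spool(old, new):
    """Crontab spool policy: any added, removed or modified entry alerts."""
    return [(p, "added" if p not in old else "removed" if p not in new else "modified")
            for p in sorted(set(old) | set(new)) if old.get(p) != new.get(p)]

def demo():
    d = Path(tempfile.mkdtemp())  # constructed stand-in for /var/log and the spool
    log, tab = d / "auth.log", d / "root"
    log.write_text("line 1\n")
    tab.write_text("0 4 * * * /usr/local/bin/backup\n")
    log.chmod(0o640)
    logs0, spool0 = snapshot([log]), snapshot([tab], hash_content=True)
    log.write_text("line 1\nline 2\n")            # log grew: no alert expected
    grown = compare_logs(logs0, snapshot([log]))
    log.write_text("")                            # log wiped ...
    log.chmod(0o666)                              # ... and made world-writable
    tab.write_text(tab.read_text() + "30 2 * * * /usr/local/bin/other-job\n")
    return (grown, compare_logs(logs0, snapshot([log])),
            compare_spool(spool0, snapshot([tab], hash_content=True)))
```

Log rotation also shrinks a file, so the log baseline needs refreshing after each rotation.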