Re: tripwire's default policy
On Monday 05 March 2007 01:42:09 Felipe Figueiredo wrote: > For information's sake, I paste them > below. Now with the promised content. /dev/kmem -> $(Device) ; /dev/mem -> $(Device) ; /dev/null -> $(Device) ; /dev/zero -> $(Device) ; /proc/devices -> $(Device) ; /proc/net -> $(Device) ; /proc/sys -> $(Device) ; /proc/cpuinfo -> $(Device) ; /proc/modules -> $(Device) ; /proc/mounts -> $(Device) ; /proc/dma -> $(Device) ; /proc/filesystems -> $(Device) ; /proc/pci -> $(Device) ; /proc/interrupts -> $(Device) ; /proc/rtc -> $(Device) ; /proc/ioports -> $(Device) ; /proc/scsi-> $(Device) ; /proc/kcore -> $(Device) ; /proc/self-> $(Device) ; /proc/kmsg-> $(Device) ; /proc/stat-> $(Device) ; /proc/ksyms -> $(Device) ; /proc/loadavg -> $(Device) ; /proc/uptime -> $(Device) ; /proc/locks -> $(Device) ; /proc/version -> $(Device) ; /proc/mdstat -> $(Device) ; /proc/meminfo -> $(Device) ; /proc/cmdline -> $(Device) ; /proc/misc-> $(Device) ; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: tripwire's default policy
On Sunday 04 March 2007 22:02:48 Jim Popovitch wrote: > > If so, why is it included by default? > > There are probably a host of reasons, I point the finger at the pack > maintainer leaning more towards the side of security than insecurity. Forgive me for insisting. So, there *are* security issues related. Do you (or anyone else) know what they might be? I know debian's policy is to follow upstream if dd's can't reach a consensus (I remember reading in some lists' archives that this argument ended some polemic in some ssh(d)'s config options). However, I got the source of the same version (2.3.1-2) from sourceforge and it's clearly different, in that it only checks for some specific files in /proc, as oposed to everything. For information's sake, I paste them below. So I'm guessing dd's had a good reason for doing this, even though it's annoying. Am I missing something? Am I just hitting an old dead dog here? regards FF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Unidentified subject!
i am interested please reply - Don't pick lemons. See all the new 2007 cars at Yahoo! Autos.
Re: tripwire's default policy
On Sun, 2007-03-04 at 21:56 -0300, Felipe Figueiredo wrote: > Hello all, > > tripwire's default policy includes /proc. Why, what's the point? At least in > my systems, its files change more often than my logs rotate (which despite my > efforts insist on rotating on a daily basis). > > So, is it safe to just remove /proc from the policy? I have on all my public systems. I did this quite some time ago. No problems, no worries. > If so, why is it included by default? There are probably a host of reasons, I point the finger at the pack maintainer leaning more towards the side of security than insecurity. -Jim P. signature.asc Description: This is a digitally signed message part
tripwire's default policy
Hello all, tripwire's default policy includes /proc. Why, what's the point? At least in my systems, its files change more often than my logs rotate (which despite my efforts insist on rotating on a daily basis). So, is it safe to just remove /proc from the policy? If so, why is it included by default? regards FF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
