tripwire's default policy
Hello all,

tripwire's default policy includes /proc. Why, what's the point? At least in my systems, its files change more often than my logs rotate (which despite my efforts insist on rotating on a daily basis).

So, is it safe to just remove /proc from the policy? If so, why is it included by default?

regards
FF

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: tripwire's default policy
On Sun, 2007-03-04 at 21:56 -0300, Felipe Figueiredo wrote:
> Hello all,
>
> tripwire's default policy includes /proc. Why, what's the point? At least in my systems, its files change more often than my logs rotate (which despite my efforts insist on rotating on a daily basis).
>
> So, is it safe to just remove /proc from the policy?

I have on all my public systems. I did this quite some time ago. No problems, no worries.

> If so, why is it included by default?

There are probably a host of reasons, I point the finger at the pack maintainer leaning more towards the side of security than insecurity.

-Jim P.
Unidentified subject!
i am interested please reply
Re: tripwire's default policy
On Sunday 04 March 2007 22:02:48 Jim Popovitch wrote:
> > If so, why is it included by default?
>
> There are probably a host of reasons, I point the finger at the pack maintainer leaning more towards the side of security than insecurity.

Forgive me for insisting. So, there *are* security issues related. Do you (or anyone else) know what they might be?

I know debian's policy is to follow upstream if dd's can't reach a consensus (I remember reading in some lists' archives that this argument ended some polemic in some ssh(d)'s config options). However, I got the source of the same version (2.3.1-2) from sourceforge and it's clearly different, in that it only checks for some specific files in /proc, as opposed to everything. For information's sake, I paste them below.

So I'm guessing dd's had a good reason for doing this, even though it's annoying. Am I missing something? Am I just hitting an old dead dog here?

regards
FF
Re: tripwire's default policy
On Monday 05 March 2007 01:42:09 Felipe Figueiredo wrote:
> For information's sake, I paste them below.

Now with the promised content.

    /dev/kmem          -> $(Device) ;
    /dev/mem           -> $(Device) ;
    /dev/null          -> $(Device) ;
    /dev/zero          -> $(Device) ;
    /proc/devices      -> $(Device) ;
    /proc/net          -> $(Device) ;
    /proc/sys          -> $(Device) ;
    /proc/cpuinfo      -> $(Device) ;
    /proc/modules      -> $(Device) ;
    /proc/mounts       -> $(Device) ;
    /proc/dma          -> $(Device) ;
    /proc/filesystems  -> $(Device) ;
    /proc/pci          -> $(Device) ;
    /proc/interrupts   -> $(Device) ;
    /proc/rtc          -> $(Device) ;
    /proc/ioports      -> $(Device) ;
    /proc/scsi         -> $(Device) ;
    /proc/kcore        -> $(Device) ;
    /proc/self         -> $(Device) ;
    /proc/kmsg         -> $(Device) ;
    /proc/stat         -> $(Device) ;
    /proc/ksyms        -> $(Device) ;
    /proc/loadavg      -> $(Device) ;
    /proc/uptime       -> $(Device) ;
    /proc/locks        -> $(Device) ;
    /proc/version      -> $(Device) ;
    /proc/mdstat       -> $(Device) ;
    /proc/meminfo      -> $(Device) ;
    /proc/cmdline      -> $(Device) ;
    /proc/misc         -> $(Device) ;
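
A way to measure the noise discussed in this thread before deciding which /proc objects to keep in a policy, as an added example that is not part of the original thread and not tripwire code: it snapshots a tree twice and counts, per policy object path, the entries that appeared, vanished, or changed type, mode or owner. The attribute set compared, the 5-second interval, the default rule paths and all function names are assumptions of this example.

```python
import os
import stat
import sys
import time


def snapshot(root):
    """Map each path under root to (type, mode, uid, gid); file content is never read."""
    seen = {}
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished between listing and stat (common in /proc)
            seen[path] = (stat.S_IFMT(st.st_mode), stat.S_IMODE(st.st_mode),
                          st.st_uid, st.st_gid)
    return seen


def diff(before, after):
    """Return sorted (added, removed, changed) path lists between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    return added, removed, changed


def noisy_rules(rules, before, after):
    """For each policy object path, count the differences at or below it."""
    added, removed, changed = diff(before, after)
    touched = added + removed + changed
    report = {}
    for rule in rules:
        prefix = rule.rstrip("/") + "/"
        report[rule] = sum(1 for p in touched if p == rule or p.startswith(prefix))
    return report


if __name__ == "__main__":
    # Assumed defaults: the whole tree versus two single files from the pasted list.
    rules = sys.argv[1:] or ["/proc", "/proc/cpuinfo", "/proc/version"]
    first = snapshot("/proc")
    time.sleep(5)  # assumed interval; lengthen it to approximate the time between checks
    second = snapshot("/proc")
    for rule, count in noisy_rules(rules, first, second).items():
        print(f"{count:6d} differences under {rule}")
```

Object paths that report zero differences over a realistic interval are candidates to keep in the policy; paths with large counts are the ones that would fill every integrity report.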