On Saturday 18 September 2004 08:42, [EMAIL PROTECTED] wrote:
> "The tripwire command has a policy update mode which means that a change in
> policy does not require us to reinitialise the database. The policy update
> mode simply synchronises the existing database with the new policy file."
This is precisely the command that does not work. Redoing the policy file itself and then building a new database works fine. It appears Debian's (other distros as well, most probably) use of /root, /etc, /proc, /var is far too volatile for tripwire. /proc must be excluded from the policy since /proc/...####/ items are dynamically created and destroyed continually. Logrotate produces a whole series of alarms since it removes archives and creates new ones. So even without any upgrades, the database must be resynced after each run. I will probably not continue with this one.