Dark Ninja
11-12-2001, 07:00 PM
Tripwire is a good program, right?
Well, that's according to almost every security book ever written on Linux. However, I have a question. When generating my reports for Tripwire ( command: tripwire -m c > Security_Report ), I almost always immediatly review it. Problem - almost every time, something has been added or changed. Basically because I'm always changing my system around. I don't think there's one day where I don't change something.
So...how do I know what to look for in terms of things that shouldn't be changed? Any guidelines? Also, how often should I run the Tripwire scan?
Thanks.
Dark Ninja
Well, that's according to almost every security book ever written on Linux. However, I have a question. When generating my reports for Tripwire ( command: tripwire -m c > Security_Report ), I almost always immediatly review it. Problem - almost every time, something has been added or changed. Basically because I'm always changing my system around. I don't think there's one day where I don't change something.
So...how do I know what to look for in terms of things that shouldn't be changed? Any guidelines? Also, how often should I run the Tripwire scan?
Thanks.
Dark Ninja