Tripwire

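MAILNOVIOLATIONS =false
(twcfg.txt setting: no e-mail report is sent when a check finds no violations. A missing mail then looks the same as a check that never ran, so watch the scheduled check itself separately.)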

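-update policy: tripwire -m p -Z low twpol.txt
 (-Z low = secure-mode low: the update goes through even if files no longer match the database, and those differences become part of the new baseline; run a check and review the report first)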
-check (print) the current policy: twadmin -m p
-interactive check: tripwire -m c -I
-decrypt policy file: twadmin --print-polfile > /etc/tripwire/twpol.txt
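-decrypt&update (one command line; the plaintext twpol.txt stays on disk until the final rm, and the rm is skipped if an earlier step fails):
twadmin --print-polfile > /etc/tripwire/twpol.txt && vim /etc/tripwire/twpol.txt && tripwire -m p -Z low /etc/tripwire/twpol.txt && rm -i /etc/tripwire/twpol.txt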
-signing the configuration file: twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

 

proc problems (twpol.txt; lines starting with # are commented out, so those objects are no longer checked):

#/dev/kmem -> $(Device) ;
#/dev/mem -> $(Device) ;
#/dev/null -> $(Device) ;
#/dev/zero -> $(Device) ;


/proc/devices -> $(Device) ;
/proc/net -> $(Device) ;
/proc/sys -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
/proc/modules -> $(Device) ;
/proc/mounts -> $(Device) ;
/proc/dma -> $(Device) ;
/proc/filesystems -> $(Device) ;
#/proc/pci -> $(Device) ;
/proc/interrupts -> $(Device) ;
#/proc/rtc -> $(Device) ;
/proc/ioports -> $(Device) ;
/proc/scsi -> $(Device) ;
/proc/kcore -> $(Device) ;
/proc/self -> $(Device) ;
/proc/kmsg -> $(Device) ;
/proc/stat -> $(Device) ;
#/proc/ksyms -> $(Device) ;
/proc/loadavg -> $(Device) ;
/proc/uptime -> $(Device) ;
/proc/locks -> $(Device) ;
/proc/version -> $(Device) ;
/proc/mdstat -> $(Device) ;
/proc/meminfo -> $(Device) ;
/proc/cmdline -> $(Device) ;
/proc/misc -> $(Device) ;

ignore root modify and change time (-cm drops both the m = modification time and c = inode change time properties):

/root                           -> $(SEC_CRIT) -cm ;

logs (-i drops the inode-number check; presumably because log rotation gives the files new inodes):
/var/log -> $(SEC_CONFIG) -i ;
source

source1 source2 source3 source4 source5 source6 source7

Author: WladyX on 8 February, 2012