Re: [Integrit-users] Re: Inheriting of options in integrit is causing me a problem
From: Ed L C. <ec...@co...> - 2001-02-26 13:21:35
Matt Hoskins <ma...@ni...> writes:

...
[ed writes]
> > I was wondering how long it would take for someone to remark upon this
> > inconvenience.
>
> Pesky users, eh? ;)

No, two of the last few comments have been things that I remarked upon
myself but didn't want to fix until I knew the need was not confined
to just me.

> > I agree that this feature would merit the increased complexity of an
> > additional token in the config file syntax. A dot at the beginning of
> > a rule could mean, "don't inherit -- rule applies to this file
> > (specifically, directory) only".

I meant like this (using your example below):

    /var/somedir SP
    ./var/somedir pCM
    /var/somedir/somefile p

I like that the dot already means "this directory", but now that I
look at it, I don't like the fact that it looks like it would be
"`pwd`/var/somedir". Some other token would work better. A dollar
sign is good in that it means "the end" in ed, vi, sed, etc., and in
regular expressions, so it would be natural to associate with a rule
that doesn't descend further into the file tree.

    /var/somedir SP
    $/var/somedir pCM
    /var/somedir/somefile p

> If you had some options you also wanted inherited tho', that needs
> to be accounted for. Another syntax possibility that springs to mind
> is to use a . in the pathname to specify an override for the
> directory... so you could have (in a slightly contrived example):
>
> /var/somedir SP
> /var/somedir/. pCM
> /var/somedir/somefile p

So far, switches go at the right and special treatment directives go
at the left, like this:

    =/var/somedir CM

To be consistent, the new token should go before the filename.

...
> I'd heard of tripwire, and did have a glance at that (as well as
> another alternative, which I think might have been aide). I found
> integrit more accessible tho' (ie easier/quicker to get up and
> running with).

One good thing about tripwire is that the docs impress a really good
sense of paranoia on you that tends to help you notice security
problems more easily. So even if you're an integrit user you might
benefit from giving the tripwire docs a read.

--
--Ed Cashin                     integrit file verification system
  ec...@co...                   http://integrit.sourceforge.net/
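The `$` proposal in the message above, worked through as an added example that is not part of the original post and is not integrit's code. It assumes that a lowercase switch turns a check on and an uppercase switch turns it off, and that a `$` rule is applied after the inheriting rule for the same path; the function names are hypothetical.

```python
# Added illustration, not integrit's code. Assumed semantics: a lowercase
# switch turns a check on, an uppercase switch turns it off, and a leading
# "$" marks a rule that applies to the named path only (not inherited).

SAMPLE = """\
/var/somedir SP
$/var/somedir pCM
/var/somedir/somefile p
"""  # the "$" example from the message

def parse_rules(text):
    """Return a list of (path, switches, inherit) tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        target = fields[0]
        switches = fields[1].strip() if len(fields) > 1 else ""
        rules.append((target.lstrip("$"), switches, not target.startswith("$")))
    return rules

def ancestors(path):
    """'/a/b' -> ['/', '/a', '/a/b'], root first."""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def effective(rules, path):
    """Switch overrides in force for path, as {letter: on_or_off}."""
    state = {}
    # Inheriting rules first, so a "$" rule on the same path wins there.
    ordered = sorted(rules, key=lambda r: not r[2])
    for node in ancestors(path):
        for rule_path, switches, inherit in ordered:
            if rule_path != node:
                continue
            if not inherit and node != path:
                continue  # "$" rule: its switches stop at the named path
            for ch in switches:
                state[ch.lower()] = ch.islower()
    return state

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for p in ("/var/somedir", "/var/somedir/somefile", "/var/somedir/other"):
        print(p, effective(rules, p))
```

Under these assumptions the directory itself ends up with `pCM` layered over `SP`, while files beneath it see only the inherited `SP` plus any rule of their own.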