[Integrit-users] Re: Integrit
From: Ed L C. <ec...@te...> - 2001-06-08 12:13:46
Darrell Golliher <da...@cx...> writes:

> Date: Tue, 5 Jun 2001 16:08:28 -0400
> From: Darrell Golliher <da...@cx...>
> X-Mailer: Mutt 1.0.1i
> To: int...@li...
> Subject: grep -v
>
>
> There are a number of patterns of files that I don't care about in
> the report from integrit. The simple solution for me is to run the
> output of integrit through grep -v which is akin to what
> logcheck.ignore does for logcheck.
>
> Seems a lot easier to me than excluding every user's ~/.bash_history
> file with its own !/home/jsmith/.bash_history line in the integrit
> config file.
>
> I was wondering how the rest of you deal with excluding patterns of
> files as opposed to specific files or whole directories.

So far I've found that those kinds of problems don't usually occur
when you're checking the system. If you know that your system
binaries, "find", "ls", etc., haven't been trojaned, then there's
usually no need to check home directories, web document trees, etc.

But, yes, grep is the kind of thing I was *expecting* users to have
and use. It keeps integrit simple. You can even put your "ignore"
regular expressions in a file and do this in procmail (untested):

    :0 :hosty-reports.lock
    * ^Subject: hosty integrit report
    | grep -v -f hosty.ignore > mail/hosty-reports

-- 
--Ed Cashin                     PGP public key:
  ec...@te...                   http://www.terry.uga.edu/~ecashin/pgp/
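The following is an added example, not part of the original message or of integrit: a small wrapper around the `grep -v -f` approach discussed above that reports how many lines the ignore file suppressed, so a pattern that is too broad does not hide changes silently. The function name `filter_report`, the sample report lines (whose layout is an assumption, not real integrit output) and the sample pattern are all constructed for illustration.

```shell
#!/bin/sh
# filter_report REPORT IGNORE
# Prints the lines of REPORT that match none of the extended regular
# expressions in IGNORE, then a summary of how many lines were dropped.
filter_report() {
    report=$1 ignore=$2
    patterns=$(mktemp) || return 1
    # Strip comments and blank lines first: a blank line in a grep -f file
    # is an empty pattern, which matches (and would suppress) every line.
    # grep exits 1 when it selects nothing; only other statuses are errors.
    grep -v -e '^[[:space:]]*$' -e '^#' "$ignore" > "$patterns" || [ $? -eq 1 ]
    if [ -s "$patterns" ]; then
        grep -E -v -f "$patterns" "$report" || [ $? -eq 1 ]
        suppressed=$(grep -E -c -f "$patterns" "$report") || [ $? -eq 1 ]
    else
        cat "$report"
        suppressed=0
    fi
    rm -f "$patterns"
    echo "suppressed: $suppressed line(s)"
}

# Constructed sample data; the report line layout is an assumption.
demo=$(mktemp -d)
cat > "$demo/report" <<'EOF'
changed: /home/jsmith/.bash_history   s(1024:2048)
changed: /usr/bin/find   s(51200:53248)
new: /usr/lib/.bash_history
EOF
cat > "$demo/hosty.ignore" <<'EOF'
# Anchored to /home/<user>/ so only a user's own history file is ignored.
# An unanchored ".bash_history" would also hide the /usr/lib entry above.
^[a-z]+: /home/[^/]+/\.bash_history( |$)
EOF
filter_report "$demo/report" "$demo/hosty.ignore"
rm -rf "$demo"
```

In the procmail recipe above, a wrapper like this would take the place of the bare `grep -v -f hosty.ignore` once the message body has been saved to a file.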