Re: [Integrit-users] Why such a massive database?
Brought to you by:
ecashin
Menu
▾
▴
Re: [Integrit-users] Why such a massive database?
|
From: Franky V. L. <lie...@pa...> - 2001-08-28 18:30:10
|
You really don't want the mailspool to be checked, because mail comes and goes all the time, the same for tty's. So you probably only want to specify mountpoints other than /proc and /
Integrit (and all the othera alike) only work for directories/files that don't change when you don't want them to.
Franky
On Tue, 28 Aug 2001 18:32:47 +0100 (BST)
matt <ma...@ci...> wrote:
> Hi list,
>
> I'm a brand new user to integrit, and I think I'm doing something a
> _little_ bit stupid.
>
> I wrote a test config:
>
> --start-config--
> #some needed stuff
> root=/
> current=/root/integrit/current.db
> known=/root/integrit/known.db
>
> #then the rules
> /etc sipugz
> ! /etc/ssh_random_seed
> ! /proc
> --end-config--
>
> Then did a
>
> $ integrit -C conf -c
>
> and was surprised when the database was 8MB. Then when I checked the
> system with:
>
> $ cp current.db known.db
> $ integrit -C conf -c
>
> I got loads of stuff that had changed in the mail spool, the ttys etc
> etc. Am I doing something stupid or do I really have to say:
>
> ! /
>
> and then put the stuff that I want in?
>
> Thanks,
>
> Matt
>
> --
> #!/usr/bin/perl
> $A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_}" A A A "
> =~m{(...)}g)?"A":" ")=~/([ A])$/){if(!(++$l%80)){print"\n";sleep 1}}
>
>
> _______________________________________________
> Integrit-users mailing list
> Int...@li...
> http://lists.sourceforge.net/lists/listinfo/integrit-users
>
|
