[Integrit-users] Integrit does not send email
Brought to you by:
ecashin
Menu
▾
▴
[Integrit-users] Integrit does not send email
|
From: Lars B. <la...@hf...> - 2007-11-01 07:44:59
|
hi, i am new to the list as i am to integrit ;-) the program looks quite nice. I choosed it because it is not widely spread as tripwire is, so maybe it is less compromittable. at least i like it because it is small and simple. but I am a bit confused about it. I first tried it with the config it is shipped with on debian; integrit is 4. 0-1. the first run I did with integrit -C /etc/integrit/integrit.conf -u Beside /etc, /root, /usr I included three HDs e.g. partitions with 80GB data to the current.cdb. Integrit did not send me anything to syslog except the typical: start: integrit -C /etc/integrit/integrit.conf -cu integrit: ---- integrit, version 4.0 ----------------- integrit: output : human-readable integrit: conf file : /etc/integrit/integrit.conf integrit: known db : /var/lib/integrit/known.cdb integrit: current db : /var/lib/integrit/current.cdb integrit: root : / integrit: do check : yes integrit: do update : yes It took about an hour to build the initial database (measured with top). I moved it to known.cdb and let the check run: integrit -C /etc/integrit/integrit.conf -c Because I didnt change anything, I was confused about the fact that I saw a lot of "new, new, new"-messages on standardout: new: /work p(755) t(40000) u(0) g(0) z(4096) m(20071024-120219) new: /boot p(755) t(40000) u(0) g(0) z(4096) m(20071024-132450) new: /boot/initrd.img-2.6.18-5-686 p(644) t(100000) u(0) g(0) z (4489291) m(20071024-132449) new: /boot/initrd.img-2.6.18-5-686 s (cc087f8e1ad2a4d64d131bde7169cc4ca4d43f65) (...) - why this? so I tried to let the current.cdb beside the known.cdb, I tried different -u and -c, always the same. second strange thing: I sat the option ALWAYS_EMAIL=true in /etc/integrit/integrit.debian.conf; but I didnt receive any emails. Though I just received an email because of the cron-file in / etc/cron.daily ... any ideas about it? thanx a lot in advance! greetings lars berens |
