alloow new files within a folder

Help
tcalosi
2008-09-12
2013-04-30
  • tcalosi

    tcalosi - 2008-09-12

    Hi I need to allow new files within a folder but I must assure that once files are created the won't be modified. Is this possible?

     
    • FRLinux

      FRLinux - 2008-09-15

      Hello,

      If I understand you right, you would like to validate new files created within a dir, in which case you need to update your files database to reflect your current filesystem.

      As for how to make sure they do not get modified, this is not a tripwire question, but rather a file/security one. I guess restraining permissions might be a good place to start.

      Steph

       
    • tcalosi

      tcalosi - 2008-09-15

      Thanks for the reply,

      I've not been very clear, I'll try to explain better with an example:

      New recording files are created on Friday within /var/spool/recordings.  On Sunday night tripwire should check and choose:

      - If new files are added there's no violation
      - If the folder size grows, there's no violation
      - If files created on Friday (or before Friday ) were modified, it should rise a violation

      Now, the question is what parameters should I use in my directive?

      {
          /var/spool/recordings        -> ?????
      }

      Thanks again

      T.

       
    • mrmccrac

      mrmccrac - 2009-01-22

      I have a similar issue as well.  I have syslogs that get archived, and new files get created for each archive file.  I want to *allow* the creation of *new* files within a specified directory.  However, if the files get modified at a later date (different hash / file modification timestamp / different user / etc.), I want that to be a violation. 

      Any *new* file created should not raise a violation and thus should not need to be cleared -- new files will automatically get created as archives based upon the date and I want to accept that.

       

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks