Hi, I need to allow new files within a folder, but I must assure that once files are created they won't be modified. Is this possible?
If I understand you right, you would like to validate new files created within a dir, in which case you need to update your files database to reflect your current filesystem.
As for how to make sure they do not get modified, this is not a tripwire question, but rather a file/security one. I guess restraining permissions might be a good place to start.
Thanks for the reply,
I've not been very clear, I'll try to explain better with an example:
New recording files are created on Friday within /var/spool/recordings. On Sunday night tripwire should check and choose:
- If new files are added there's no violation
- If the folder size grows, there's no violation
- If files created on Friday (or before Friday) were modified, it should raise a violation
Now, the question is what parameters should I use in my directive?
/var/spool/recordings -> ?????
I have a similar issue as well. I have syslogs that get archived, and new files get created for each archive file. I want to *allow* the creation of *new* files within a specified directory. However, if the files get modified at a later date (different hash / file modification timestamp / different user / etc.), I want that to be a violation.
Any *new* file created should not raise a violation and thus should not need to be cleared -- new files will automatically get created as archives based upon the date and I want to accept that.
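The policy asked for in this thread (additions accepted, later changes to already-seen files flagged), sketched as an added example that is not from any poster and is not Tripwire policy syntax. It is a stand-alone Python check; the function names, the sample file names and the choice to treat a removed file as a violation are assumptions.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (sha256, mtime_ns, uid)."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, FIFOs
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            records[os.path.relpath(full, root)] = (digest.hexdigest(), st.st_mtime_ns, st.st_uid)
    return records


def check(root, baseline):
    """Return (violations, new_baseline); files not yet in baseline are accepted silently."""
    current = snapshot(root)
    violations = [(path, "removed" if path not in current else "modified")
                  for path, old in baseline.items() if current.get(path) != old]
    # Baseline records win, so a tampered file keeps being reported until reviewed.
    merged = {**current, **baseline}
    return violations, merged


def demo():
    """Constructed sample data: one recording, then an added file, then tampering."""
    with tempfile.TemporaryDirectory() as root:
        friday = Path(root, "friday.wav")
        friday.write_bytes(b"constructed sample audio")
        _, baseline = check(root, {})            # first run: everything is new
        Path(root, "saturday.wav").write_bytes(b"another constructed sample")
        clean, baseline = check(root, baseline)  # only an addition: no violation
        with friday.open("ab") as fh:            # modify an already-baselined file
            fh.write(b"tampered")
        tampered, baseline = check(root, baseline)
        return clean, tampered, sorted(baseline)
```

A file that is still being written when it is first seen is baselined in its partial state and will be reported as modified on the next run, so the check should run after recordings or archives are closed.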