I just realized I would really rather carry these discussions on with the
mailing list as opposed to the forum...
So, as to the idea of using comments to manage the change from regex's to
expanded rules. It is certainly workable, but not ideal. If you change one
or two of the regex's, you also have to delete all the expanded rules before
running it through expansion again.
It seems to me a reasonable solution would be one where tripwire could
properly use the policy file with regex's intact. To do this, it seems
tripwire would need to create an additional working file upon database init.
This working file would basically be the policy file with regex's expanded
-- when integrity checks were run, this version of the policy file would be
used since it would have the rules as they expanded at dbinit or policy
update time. This file would get recreated upon a new db init or policy
update (I think). This way, the original policy file stays in the original
form, and is used only to create this secondary representation.
> -----Original Message-----
> From: noreply@... [mailto:noreply@...]
> Sent: Wednesday, November 15, 2000 2:08 PM
> To: noreply@...
> Subject: [tripwire - Open Discussion] RE: crafting better policy files -
> By: japhar81
> Alright, how about this:
> Trippy goes through, comments out the regexp with a lovely #, and inserts
> the exploded list, I.E.
> # /usr/sbin//somexp//
> # Trippy Explode Here
> # Trippy Explode End
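
A sketch of the working-file idea from the message above, as an added example that is not Tripwire code and not from either poster. The `regex:` rule prefix, the function names and all sample paths are assumptions constructed for illustration; real Tripwire policy syntax is not modelled.

```python
import re

REGEX_PREFIX = "regex:"  # hypothetical marker for a regex rule in the policy file


def expand_policy(policy_lines, existing_paths):
    """Build the working file: regex rules replaced by the literal paths
    they match right now. The policy itself is never modified."""
    working = []
    for raw in policy_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blanks carry no rule
        if line.startswith(REGEX_PREFIX):
            pattern = re.compile(line[len(REGEX_PREFIX):].strip())
            working.extend(sorted(p for p in existing_paths if pattern.fullmatch(p)))
        else:
            working.append(line)  # literal rule, copied through unchanged
    return working


def check(working, policy_lines, current_paths):
    """Integrity check against the frozen expansion taken at db-init time.
    Returns (missing, added): paths gone since init, and paths that match
    a regex rule now but were not part of the baseline."""
    current = set(current_paths)
    missing = [p for p in working if p not in current]
    baseline = set(working)
    added = [p for p in expand_policy(policy_lines, current_paths) if p not in baseline]
    return missing, added


# Constructed sample data: a policy with one literal and one regex rule,
# and two views of the filesystem (at db init, and at a later check).
POLICY = ["# constructed sample policy", "/etc/passwd", "regex: /usr/sbin/s.*d"]
AT_INIT = ["/etc/passwd", "/usr/sbin/sshd", "/usr/sbin/syslogd", "/usr/sbin/cron"]
LATER = ["/etc/passwd", "/usr/sbin/sshd", "/usr/sbin/smbd", "/usr/sbin/cron"]

if __name__ == "__main__":
    working_file = expand_policy(POLICY, AT_INIT)
    print("working file:", working_file)
    print("missing, added:", check(working_file, POLICY, LATER))
```

Because the check runs against the frozen expansion, a file that newly matches a regex is reported as added rather than silently absorbed into the baseline, and editing one regex only requires regenerating the working file.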