-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 07 Oct 2003 09:34:29 -0400, Edward Croft wrote: > Okay, I have been beating my head regarding tripwire. First off, let me > thank Bret Hughes for his twpolclean.pl. That decreased my error count > due to files not on the system. > My question though has to do with the Change Time. I back up my systems > every night and that appears to change a time. I added the -a to the > rule set, but I still get the following: > > Modified object name: /etc/sysconfig/network-scripts/ifdown-cipcb > > Property: Expected > Observed > ------------- ----------- > ----------- > * Change Time Sun Oct 5 22:46:15 2003 Mon Oct 6 22:46:24 > 2003 > > > This basically renders tripwire useless as it reports on every file that > gets backed up. What am I missing here? Examine the files with the "stat" utility. What does the "Modify" field say? If your backup technique updates the modified/changed timestamp, you cannot monitor that attribute with Tripwire. The -a rule checks file's access times. Any file's access time is updated when it is read/accessed. You certainly don't want that for files which get backed up frequently, because the backup process would update the file access time. The -a rule makes sense only for archived files which should not be accessed at all, but which you keep on the hard disk nevertheless. - -- Michael, who doesn't reply to top posts and complete quotes anymore. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/gsiN0iMVcrivHFQRAuthAJ44vEUeE0LAvADqoRzpdljq8atOPgCfUyFj jnAKBJ9/ZHLDpUjfArEQues= =ER8f -----END PGP SIGNATURE----- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
