The default policy file installed with tripwire references a number of
files that are not part of Red Hat Linux (i.e., that aren't installed in a
full installation). As soon as tripwire is enabled, it starts sending
e-mail every day containing a long list of `File system errors'.
IMO, tripwire should add negative entries in its database and not report
the errors of the file. If this is not possible, we could at least have a
more generic policy file that would give us as much security, possibly at
the expense of unnecessary checks, but that would not result in such large
and confusing reports.

Another problem in the default policy file is that it will report changes
in log files in /var/log, which is pretty much useless. It seems to me
that such files should be configured as SEC_LOG, not SEC_CONFIG.

*** This bug has been marked as a duplicate of 75999 ***

First off, this is NOT a duplicate of 75999. That bug is about not
checking files in /etc/pam.d, while this one is about checking files
that don't exist in /bin and elsewhere.
Secondly, can this be fixed? It's highly annoying to have to spend
hours tuning the default policy for every new box.
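
The tuning described in this report can be scripted. The following is an added example, not part of the bug report and not code from Tripwire or Red Hat: it comments out policy rules whose object is absent on the host and lists rules under /var/log that use SEC_CONFIG. The `#MISSING#` marker, the function name and the sample policy are assumptions made for illustration, and only rules that start with a literal absolute path are handled.

```python
import os
import re
import sys

# Matches a rule line that starts with a literal absolute path, e.g.
#   /sbin/accton   -> $(SEC_CRIT) ;
# Comment lines and rules that start with a variable are left untouched.
RULE = re.compile(r'^(\s*)("?)(/[^"\s]*)\2\s*->\s*(.+?)\s*;')

def prune_policy(text, exists=os.path.exists):
    """Comment out rules whose object does not exist on this host.

    Returns (new_policy_text, missing_paths, log_rules_using_sec_config).
    """
    out, missing, log_as_config = [], [], []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            indent, path, mask = m.group(1), m.group(3), m.group(4)
            if not exists(path):
                # This rule is what produces the daily "File system errors" entry.
                missing.append(path)
                line = indent + "#MISSING# " + line.lstrip()
            elif (path == "/var/log" or path.startswith("/var/log/")) \
                    and "SEC_CONFIG" in mask:
                # Log files change constantly; candidate for SEC_LOG instead.
                log_as_config.append(path)
        out.append(line)
    return "\n".join(out) + "\n", missing, log_as_config

# Constructed sample policy text, not the policy file shipped by Red Hat.
SAMPLE = """\
(rulename = "Sample binaries")
{
  /bin/sh            -> $(SEC_CRIT) ;
  /bin/no-such-tool  -> $(SEC_CRIT) ;
}
/var/log/messages    -> $(SEC_CONFIG) ;
"""

if __name__ == "__main__":
    # Usage: script.py <plaintext policy file>; without an argument, use SAMPLE.
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    new_text, missing, logs = prune_policy(src)
    sys.stdout.write(new_text)
    for p in missing:
        print("commented out (not on this host):", p, file=sys.stderr)
    for p in logs:
        print("under /var/log with SEC_CONFIG:", p, file=sys.stderr)
```

Review the commented-out list before installing the pruned policy: a path that is missing because a file was deleted is a finding, not noise.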