Bug 54867 - Default policy file references files that do not exist
Summary: Default policy file references files that do not exist
Status: CLOSED DUPLICATE of bug 75999
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: tripwire
Version: roswell
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2001-10-22 03:15 UTC by Alexandre Oliva
Modified: 2007-04-18 16:37 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2002-08-09 20:46:43 UTC

Attachments (Terms of Use)

Description Alexandre Oliva 2001-10-22 03:15:02 UTC
The default policy file installed with tripwire references a number of
files that are not part of Red Hat Linux (i.e., that aren't installed in a
full installation).  As soon as tripwire is enabled, it starts sending
e-mail every day containing a long list of `File system errors'.

IMO, tripwire should add negative entries in its database and not report
the errors of the file.  If this is not possible, we could at least have a
more generic policy file that would give us as much security, possibly at
the expense of unnecessary checks, but that would not result in such large
and confusing reports.

Another problem in the default policy file is that it will report changes
in log files in /var/log, which is pretty much useless.  It seems to me
that such files should be configured as SEC_LOG, not SEC_CONFIG.

Comment 1 Jeff Johnson 2002-11-16 21:28:01 UTC

*** This bug has been marked as a duplicate of 75999 ***

Comment 2 Damian Menscher 2003-11-30 03:02:16 UTC
First off, this is NOT a duplicate of 75999.  That bug is about not 
checking files in /etc/pam.d, while this one is about checking files 
that don't exist in /bin and elsewhere.

Secondly, can this be fixed?  It's highly annoying to have to spend 
hours tuning the default policy for every new box.

Note You need to log in before you can comment on or make changes to this bug.