Tripwire Variables: Difference between revisions
From wikiGite
Ligne 21 : | Ligne 21 : | ||
M MD5 hash value | M MD5 hash value | ||
S SHA hash value | S SHA hash value | ||
+ | |||
+ | Template Function | ||
+ | +mask The properties following the + sign are to be monitored for the file or directory. | ||
+ | -mask The properties following the - sign are to be ignored for the specified file or directory. | ||
+ | R Used with read-only files (+pingsum12-ac34546789) | ||
+ | L Used with log files (+pinug-sacm123456789) | ||
+ | N +pinugsamc123456789 Template is used to ignore nothing. | ||
+ | E -pinugsamc123456789 Template is used to ignore everything. | ||
+ | > Used for files that will increase in size. An alarm is tripped when the file size is smaller than it previously was. | ||
'''ReadOnly''' is good for files that are widely available but are intended to be read-only. | '''ReadOnly''' is good for files that are widely available but are intended to be read-only. |
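Review bot: In the added R and L template rows, the example masks (+pingsum12-ac34546789 and +pinug-sacm123456789) use the digits 1-9, which the property character list on this page never defines (its hash properties are C, H, M and S), so a reader cannot decode them. Either add a legend for the digits or rewrite the masks with the letters used elsewhere on the page. The R mask also reads "34546789", repeating 4 where the other rows have the run 123456789, and its letters "pingsum" differ from the "pinug" order used in the other rows; both look like transcription slips worth checking against the source before saving.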
Revision as of 25 September 2008, 17:33
Characters used in property masks, with descriptions:
-   Ignore the following properties
+   Record and check the following properties
a   Access timestamp
b   Number of blocks allocated
c   Inode timestamp (create/modify)
d   ID of device on which inode resides
g   File owner's group ID
i   Inode number
l   File is increasing in size (a "growing file")
m   Modification timestamp
n   Number of links (inode reference count)
p   Permissions and file mode bits
r   ID of device pointed to by inode (valid only for device objects)
s   File size
t   File type
u   File owner's user ID
C   CRC-32 hash value
H   Haval hash value
M   MD5 hash value
S   SHA hash value
Template   Function
+mask      The properties following the + sign are to be monitored for the file or directory.
-mask      The properties following the - sign are to be ignored for the specified file or directory.
R          Used with read-only files (+pingsum12-ac34546789)
L          Used with log files (+pinug-sacm123456789)
N          +pinugsamc123456789 Template is used to ignore nothing.
E          -pinugsamc123456789 Template is used to ignore everything.
>          Used for files that will increase in size. An alarm is tripped when the file size is smaller than it previously was.
ReadOnly is good for files that are widely available but are intended to be read-only.
Value: +pinugtsdbmCM-rlacSH
Dynamic is good for monitoring user directories and files that tend to be dynamic in behavior.
Value: +pinugtd-srlbamcCMSH
The Growing variable is intended for files that should only get larger.
Value: +pinugtdl-srbamcCMSH
Device is good for devices or other files that Tripwire should not attempt to open.
Value: +pugsdr-intlbamcCMSH
IgnoreAll tracks a file's presence or absence, but doesn't check any other properties.
Value: -pinugtsdrlbamcCMSH
IgnoreNone turns on all properties and provides a convenient starting point for defining your own property masks. (For example, mymask = $(IgnoreNone) -ar;)
Value: +pinugtsdrbamcCMSH-l
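To audit what a given mask actually leaves unmonitored, the following added example (not part of the original page and not Tripwire code) decodes the predefined variables above and the `mymask` override into checked and ignored property sets. The function names `expand`, `decode` and `unchecked` are hypothetical, and the handling of unsigned characters as `+` is an assumption of this sketch.

```python
import re

# Property characters and meanings, taken (shortened) from the table on this page.
PROPS = {
    "a": "Access timestamp", "b": "Number of blocks allocated",
    "c": "Inode timestamp", "d": "ID of device on which inode resides",
    "g": "File owner's group ID", "i": "Inode number",
    "l": "File is increasing in size", "m": "Modification timestamp",
    "n": "Number of links", "p": "Permissions and file mode bits",
    "r": "ID of device pointed to by inode", "s": "File size",
    "t": "File type", "u": "File owner's user ID",
    "C": "CRC-32 hash value", "H": "Haval hash value",
    "M": "MD5 hash value", "S": "SHA hash value",
}
# Predefined variables with the values listed on this page.
VARS = {
    "ReadOnly": "+pinugtsdbmCM-rlacSH", "Dynamic": "+pinugtd-srlbamcCMSH",
    "Growing": "+pinugtdl-srbamcCMSH", "Device": "+pugsdr-intlbamcCMSH",
    "IgnoreAll": "-pinugtsdrlbamcCMSH", "IgnoreNone": "+pinugtsdrbamcCMSH-l",
}

def expand(mask):
    """Substitute $(Name) references with the predefined values above."""
    return re.sub(r"\$\((\w+)\)", lambda m: VARS[m.group(1)], mask)

def decode(mask):
    """Return (checked, ignored) property sets; later signs override earlier."""
    checked, sign = set(), "+"  # assumption: an unsigned character means '+'
    for ch in expand(mask).rstrip(";"):
        if ch in "+-":
            sign = ch
        elif ch.isspace():
            sign = "+"  # assumption: each space-separated term starts fresh
        elif ch in PROPS:
            (checked.add if sign == "+" else checked.discard)(ch)
        else:
            raise ValueError(f"unknown property character {ch!r}")
    return checked, set(PROPS) - checked

def unchecked(mask):
    """Descriptions of the properties a mask leaves unmonitored."""
    return sorted(PROPS[c] for c in decode(mask)[1])

if __name__ == "__main__":
    for name in VARS:
        print(f"{name:10} does not check:", ", ".join(unchecked(f"$({name})")))
    print("mymask does not check:", unchecked("$(IgnoreNone) -ar;"))
```

Run against the values on this page, it shows for instance that ReadOnly records CRC-32 and MD5 but neither SHA nor Haval.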