dsa*_*off 7 linux ubuntu tripwire
当使用 tripwire --init 初始化数据库时,它会吐出一堆与 /proc 相关的错误:
### Warning: File system error.
### Filename: /proc/16982/fd/4
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/16982/fdinfo/4
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/16982/task/16982/fd/4
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/16982/task/16982/fdinfo/4
### No such file or directory
### Continuing...
### Warning: Duplicate object encountered.
### /proc/sys/net/ipv6/neigh
这感觉像噪音。该 twpol.txt 文件具有以下子句:
#
# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev -> $(Device) ;
/proc -> $(Device) ;
}
如果我理解正确的话,这将使tripwire 非常关心/proc 的全部内容。它不应该只关心 /proc 的静态部分,比如驱动程序等,而不是每个 pid 的东西吗?为什么它会这样运送?
我在LinuxQuestions上找到了这篇文章。
修改以便只检查 proc 的相关部分
# /proc -> $(Device) ;
/proc/sys -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
/proc/modules -> $(Device) ;