I have a ubuntu server with weekly auto update/upgrade and tripwire installed.
The problem is that the auto update kind of makes tripwire useless as changes always occur on my server. Therefore I constantly have violations flagged by tripwire.
If there were any malicious changes I would miss them.
What is the best practice in such a situation? Is there a way to have automatic updates and useful tripwire reports? How do people usually combine the two?