Unable to exclude /var/log monitoring in tripwire?

0

I am trying to exclude /var/log monitoring by commenting out that line

 /var/run                          -> $(SEC_CONFIG) ;
#/var/log                          -> $(SEC_CONFIG) ;
#/etc/ioctl.save                   -> $(SEC_CONFIG) ;
 /etc/issue.net                    -> $(SEC_CONFIG) -i ; # Inode number changes
 /etc/issue                        -> $(SEC_CONFIG) ;

After committing the changes

tripwire --check --interactive

When I make a modification under /var/log and re-run the report, it still reports a violation under /var/log

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/log/sa/sar06"

Total violations found: 1

biz

Posted 2016-05-12T15:54:42.010

Reputation: 29

Answers

1

I figured it out:

tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt

This helped to update the signed policy file, and checks excluded that folder

biz

Posted 2016-05-12T15:54:42.010

Reputation: 29
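
Added example (not part of the original posts and not Tripwire's own code): tripwire --check evaluates the signed policy file, not the edited twpol.txt, so a commented-out rule stays in force until the policy is updated. This Python sketch lists rules that differ between the two; it assumes the signed policy text was obtained with twadmin --print-polfile, and the SIGNED_DUMP sample and function names are constructed for illustration.

```python
import re

# Matches a rule line 'object -> property_mask ;' and captures the object path
# (optionally double-quoted). Stop points and directives are ignored.
RULE_RE = re.compile(r'^\s*("?)(/[^"]*?)\1\s*->')

# Edited plaintext policy, as shown in the question.
EDITED_TWPOL = """\
 /var/run                          -> $(SEC_CONFIG) ;
#/var/log                          -> $(SEC_CONFIG) ;
#/etc/ioctl.save                   -> $(SEC_CONFIG) ;
 /etc/issue.net                    -> $(SEC_CONFIG) -i ; # Inode number changes
 /etc/issue                        -> $(SEC_CONFIG) ;
"""

# Constructed sample: what a dump of the signed policy could look like
# before the policy update, with the /var/log rule still active.
SIGNED_DUMP = """\
 /var/run                          -> $(SEC_CONFIG) ;
 /var/log                          -> $(SEC_CONFIG) ;
 /etc/issue.net                    -> $(SEC_CONFIG) -i ;
 /etc/issue                        -> $(SEC_CONFIG) ;
"""

def active_objects(policy_text):
    """Return the set of object paths that have an active (uncommented) rule."""
    objects = set()
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments; assumes no '#' in paths
        match = RULE_RE.match(line)
        if match:
            objects.add(match.group(2).strip())
    return objects

def policy_drift(plaintext, signed_dump):
    """Compare the edited plaintext policy with a dump of the signed policy."""
    edited = active_objects(plaintext)
    enforced = active_objects(signed_dump)
    return {
        # Removed or commented out in the text file, but still being checked.
        "still_enforced": sorted(enforced - edited),
        # Added to the text file, but not checked until the policy is updated.
        "not_yet_enforced": sorted(edited - enforced),
    }

if __name__ == "__main__":
    for kind, paths in policy_drift(EDITED_TWPOL, SIGNED_DUMP).items():
        print(kind, paths)
```

A non-empty still_enforced list means the edit to the text policy has not reached the signed policy yet.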