I am trying to exclude /var/log from monitoring by commenting out that line:
/var/run -> $(SEC_CONFIG) ;
#/var/log -> $(SEC_CONFIG) ;
#/etc/ioctl.save -> $(SEC_CONFIG) ;
/etc/issue.net -> $(SEC_CONFIG) -i ; # Inode number changes
/etc/issue -> $(SEC_CONFIG) ;
After committing the changes:
tripwire --check --interactive
When I make a modification under /var/log and re-run the report, it still reports a violation under /var/log:
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/var/log/sa/sar06"
Total violations found: 1