/etc/cron.daily/tripwire-check

/etc/cron.daily/tripwire-check

Post by Andre » Mon, 22 Apr 2002 20:21:38



Okay, I understand the importance of Trip Wire when it pertains to
security.....But I'm not sure how to use it yet...when i get some
time.

But for right now, why do I need the (I'm running Red Hat):
/etc/cron.daily/tripwire-check to run?

Sometimes I will get a warning that the Host Name was not found.

I have my Linux as a home network only (no connection to the outside
world, yet).

So what I want to know, do I really need this running? And what is the
best way to disable this cron job from running, other than deleting
it, or moving it. I would like to keep the script where its at.

Thanks for any help,

Andrew

 
 
 

/etc/cron.daily/tripwire-check

Post by Travis Case » Tue, 23 Apr 2002 01:32:31



> Okay, I understand the importance of Trip Wire when it pertains to
> security.....But I'm not sure how to use it yet...when i get some
> time.

> But for right now, why do I need the (I'm running Red Hat):
> /etc/cron.daily/tripwire-check to run?

That's what runs to check whether any files have been modified.  If you
don't run it, you won't find out if any files have been modified.  Having
tripwire installed doesn't do anything, if you don't run it and check the
results.

Quote:> Sometimes I will get a warning that the Host Name was not found.

> I have my Linux as a home network only (no connection to the outside
> world, yet).

If there is no connection to the outside world, and you don't have other
people coming into the house and using your computer, then you don't really
need it right now.

Quote:> So what I want to know, do I really need this running? And what is the
> best way to disable this cron job from running, other than deleting
> it, or moving it. I would like to keep the script where its at.

With it being in cron.daily, I don't know any way to keep it from running,
but still run your other cron.daily jobs, without removing it or moving it.
:-(

--

       /,`.-'`'    -.  ;-;;,_   No one agrees with me.  Not even me.
      |,4-  ) )-,_..;\ (  `'-'
     '---''(_/--'  `-'\_)

 
 
 

/etc/cron.daily/tripwire-check

Post by Jeste » Wed, 24 Apr 2002 23:48:23


simply hash out the job.

something like this

#03 2 * * * /usr/sbin/tripwire --check | /bin/mail andrew -s "Tripwire
Check" 2>&1


> > Okay, I understand the importance of Trip Wire when it pertains to
> > security.....But I'm not sure how to use it yet...when i get some
> > time.

> > But for right now, why do I need the (I'm running Red Hat):
> > /etc/cron.daily/tripwire-check to run?

> That's what runs to check whether any files have been modified.  If you
> don't run it, you won't find out if any files have been modified.  Having
> tripwire installed doesn't do anything, if you don't run it and check the
> results.

> > Sometimes I will get a warning that the Host Name was not found.

> > I have my Linux as a home network only (no connection to the outside
> > world, yet).

> If there is no connection to the outside world, and you don't have other
> people coming into the house and using your computer, then you don't
really
> need it right now.

> > So what I want to know, do I really need this running? And what is the
> > best way to disable this cron job from running, other than deleting
> > it, or moving it. I would like to keep the script where its at.

> With it being in cron.daily, I don't know any way to keep it from running,
> but still run your other cron.daily jobs, without removing it or moving
it.
> :-(

> --

>        /,`.-'`'    -.  ;-;;,_   No one agrees with me.  Not even me.
>       |,4-  ) )-,_..;\ (  `'-'
>      '---''(_/--'  `-'\_)

 
 
 

/etc/cron.daily/tripwire-check

Post by Al Aud » Fri, 26 Apr 2002 23:16:53



>Okay, I understand the importance of Trip Wire when it pertains to
>security.....But I'm not sure how to use it yet...when i get some
>time.

>But for right now, why do I need the (I'm running Red Hat):
>/etc/cron.daily/tripwire-check to run?

>Sometimes I will get a warning that the Host Name was not found.

>I have my Linux as a home network only (no connection to the outside
>world, yet).

>So what I want to know, do I really need this running? And what is the
>best way to disable this cron job from running, other than deleting
>it, or moving it. I would like to keep the script where its at.

>Thanks for any help,

>Andrew

Because if it doesn't run on a regular basis it will not be able to check your
system.
You only need Tripwire if your system is accessible to anyone else......in
this case connected to the internet.

Just move the script to a safe place, maybe your home directory or something.  
Then later on just move it back to /etc/cron.daily.  You can always run the
script manually from your home directory when you want to start fooling around
with it.

The following is the best resource I have yet to find for installing and
configuring tripwire.  (Well on RedHat systems anyway).

http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/ch-....
html

-------------------------------
Al Audet
PGP Public Key available at
http://www.nt.net/~ceclan/pgp/
-------------------------------

 
 
 

1. overlapping /etc/cron.daily & /etc/cron.weekly

hello all,

I intend to run a very lengthy process in /etc/cron.daily/* and there is
a good chance that it will overlapp with /etc/cron.weekly/*; as I
understand this overlap should be avoided so I'd like to find a way to
run /etc/cron.weekly/* right after /etc/cron.daily/* finishes;

to my knowledge the best way is to comment out the 3 lines from
/etc/crontab and run the following script instead:

        run-parts --report /etc/cron.daily

        if [ $(date +%w) == 0 ]; then
                run-parts --report /etc/cron.weekly
        fi

        if [ $(date +%d) == 01 ]; then
                run-parts --report /etc/cron.monthly
        fi

but I really don't like the idea of messing with the system crontab..

what do you think?
will it break something else?
is there a widely accepted way to do this?

TIA!

--

2. GNOME ready for action?

3. Cron <root@host> run-parts /etc/cron.daily

4. password validation

5. Postinstallation - Cron <root@main> run-parts --report /etc/cron.daily

6. NFSD-Bug on Solaris with Linux clients. (Part II)

7. Cron <root@cxXXXXX-a> run-parts /etc/cron.daily

8. Forte Builds for 2.5.1 - 2.8

9. What's this: Cron <root@hindustan> run-parts /etc/cron.daily

10. RH6.1 and /etc/cron.daily question

11. AIDE ( replacement for tripwire ), checking for rootkits / modified binaries, etc.

12. Cron <root@host> run-parts /etc/cron.weekly

13. anacron runs daily at 4am (cron is not starting it, WHAT IS?)