How can I instruct Tripwire to detect files modified by particular user(s)?
by RDarkfire from LinuxQuestions.org on (#5QX59)
I have set up Tripwire on a web server, and it works with a default configuration loadout. I need to make one modification to the policy and I can't figure out how to do it -- how do I tell the Tripwire policy to listen for modifications on certain files/directories by particular users? More specifically -- how do I tell it to ignore modifications by "the system/application/whatever user" but listen for modifications by actual users? These are log files.
Said another way, using Tripwire-specific vernacular -- how do I use the GROWING variable, but also include the ability to check whether certain users have modified the file or not?
Hope this is clear enough -- thanks.