When initializing the database with tripwire, it spits out a bunch of /proc-related errors:
- ### Warning: File system error.
- ### Filename: /proc/16982/fd/4
- ### No such file or directory
- ### Continuing...
- ### Warning: File system error.
- ### Filename: /proc/16982/fdinfo/4
- ### No such file or directory
- ### Continuing...
- ### Warning: File system error.
- ### Filename: /proc/16982/task/16982/fd/4
- ### No such file or directory
- ### Continuing...
- ### Warning: File system error.
- ### Filename: /proc/16982/task/16982/fdinfo/4
- ### No such file or directory
- ### Continuing...
- ### Warning: Duplicate object encountered.
- ### /proc/sys/net/ipv6/neigh
This feels like noise. The twpol.txt file has the following clause:
- #
- # Critical devices
- #
- (
- rulename = "Devices & Kernel information",
- severity = $(SIG_HI),
- )
- {
- /dev -> $(Device) ;
- /proc -> $(Device) ;
- }
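If I understand correctly, this causes tripwire to look deeply at the entire contents of /proc. Shouldn't it only care about the static parts of /proc, such as drivers, rather than the per-pid stuff? Why does it ship like this?
Solution
I found this post on LinuxQuestions.
Modify it so that only the interesting parts of proc are checked: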
- # /proc -> $(Device) ;
- /proc/sys -> $(Device) ;
- /proc/cpuinfo -> $(Device) ;
- /proc/modules -> $(Device) ;
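Added example, not part of the original post or of tripwire itself: a small Python triage of the warning output quoted in the question, separating per-PID /proc entries from warnings about other paths. The function names and the /etc/rc.boot sample entry are assumptions made for illustration.

```python
import re

# Per-process entries (/proc/<pid>/...) can vanish while the tree is being walked.
PER_PID = re.compile(r"^/proc/\d+(/|$)")

# The /proc lines are taken from the question; the /etc/rc.boot entry is constructed.
SAMPLE = """\
### Warning: File system error.
### Filename: /proc/16982/fd/4
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/16982/task/16982/fdinfo/4
### No such file or directory
### Continuing...
### Warning: Duplicate object encountered.
### /proc/sys/net/ipv6/neigh
### Warning: File system error.
### Filename: /etc/rc.boot
### No such file or directory
### Continuing...
"""

def parse_warnings(text):
    """Return (warning_kind, path) tuples from tripwire warning output."""
    found, kind = [], None
    for raw in text.splitlines():
        line = raw.lstrip("-# ").strip()  # drop the '###' prefix and any list bullet
        if line.startswith("Warning:"):
            kind = line[len("Warning:"):].strip().rstrip(".")
        elif kind and line.startswith(("Filename:", "/")):
            # Path follows 'Filename:' or stands alone (duplicate-object warning).
            found.append((kind, line.split("Filename:", 1)[-1].strip()))
            kind = None
    return found

def triage(text):
    """Bucket warnings: per-PID /proc noise, other /proc paths, everything else."""
    buckets = {"proc_per_pid": [], "proc_other": [], "review": []}
    for kind, path in parse_warnings(text):
        key = ("proc_per_pid" if PER_PID.match(path)
               else "proc_other" if path.startswith("/proc/") else "review")
        buckets[key].append((kind, path))
    return buckets

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(name, len(items), items)
```

Warnings that land in the "review" bucket are the ones worth checking against the policy file, since they do not come from the volatile per-process tree.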