Dear All,
I'm using Centos5 to run a firewall, and as part of the intrusion detection
apparatus, I use tripwire (tripwire-2.4.1.1-1.fc6.x86_64.rpm - as made for
fedora core 6, and then tweaked with my own twpol.txt).
My problem, is that when I su to root, a .xauth file is created with a random
tail name - i.e. /root/.xauthyN4aHS or /root/.xauth1sGdFh and this causes
tripwire to trigger. I can stop sshd from X forwarding to prevent .xauth
files, but that's a really bad solution. And I can't see any mention of
being
able to use wildcards in the the tripwire policy file.
Potential solutions are:
1) force the .xauth$$$$ file to live in a directory below root, as I can tell
tripwire to ignore this path.
2) stop the .xauth files having a random name
However I can't get a grip on how to control the creation of the .xauth
file:
I've tried adding XAUTHORITY=/root/xauth/xauth to /root/bashrc and this
does
not work, so any ideas are welcome!
Many thanks,
Jake
--
Dr J. Grimmett
Computer Systems Manager
Division of Molecular Structure
National Institute for Medical Research
The Ridgeway
Mill Hill
London, NW7 1AA
