Raphael wrote:
Hello
This morning running tripwire, I see /proc/kcore modified. Considering I did not know this file, I go see and try to edit it to see. God !
------------ -r-------- 1 root root 951070720 Feb 13 08:48 kcore ------------
What this file contain? The 951mo is stable but it is modified every minute.
Why is tripwire monitoring anything in the /proc filesystem.?? That is a totally dynamic area and should not be monitored by tripwire.
Tripwire is to monitor files/filesystems that do not normally change and to alert when a 'static' file gets altered.
I suggest you get your tripwire configuration properly set so it does not give false alarms.
