[CentOS] tripwire / .xauth$$$$ problem on Centos5
jake.grimmett at nimr.mrc.ac.uk
Thu Jul 5 13:28:28 UTC 2007
I'm using Centos5 to run a firewall, and as part of the intrusion detection
apparatus, I use tripwire (tripwire-22.214.171.124-1.fc6.x86_64.rpm - as made for
fedora core 6, and then tweaked with my own twpol.txt).
My problem, is that when I su to root, a .xauth file is created with a random
tail name - i.e. /root/.xauthyN4aHS or /root/.xauth1sGdFh and this causes
tripwire to trigger. I can stop sshd from X forwarding to prevent .xauth
files, but that's a really bad solution. And I can't see any mention of being
able to use wildcards in the the tripwire policy file.
Potential solutions are:
1) force the .xauth$$$$ file to live in a directory below root, as I can tell
tripwire to ignore this path.
2) stop the .xauth files having a random name
However I can't get a grip on how to control the creation of the .xauth file:
I've tried adding XAUTHORITY=/root/xauth/xauth to /root/bashrc and this does
not work, so any ideas are welcome!
Dr J. Grimmett
Computer Systems Manager
Division of Molecular Structure
National Institute for Medical Research
London, NW7 1AA
More information about the CentOS