[CentOS] tripwire / .xauth$$$$ problem on Centos5

Jake Grimmett jake.grimmett at nimr.mrc.ac.uk
Thu Jul 5 13:28:28 UTC 2007


Dear All,

I'm using Centos5 to run a firewall, and as part of the intrusion detection 
apparatus, I use tripwire (tripwire-2.4.1.1-1.fc6.x86_64.rpm - as made for 
fedora core 6, and then tweaked with my own twpol.txt). 

My problem is that when I su to root, a .xauth file is created with a random 
tail name - i.e.  /root/.xauthyN4aHS or /root/.xauth1sGdFh  and this causes 
tripwire to trigger. I can stop sshd from X forwarding to prevent .xauth 
files, but that's a really bad solution. And I can't see any mention of being 
able to use wildcards in the tripwire policy file.

Potential solutions are:

1) force the .xauth$$$$ file to live in a directory below root, as I can tell 
tripwire to ignore this path.

2) stop the .xauth files having a random name

However I can't get a grip on how to control the creation of the .xauth file: 
I've tried adding XAUTHORITY=/root/xauth/xauth to  /root/bashrc and this does 
not work, so any ideas are welcome!

Many thanks,

Jake


-- 
Dr J. Grimmett
Computer Systems Manager
Division of Molecular Structure
National Institute for Medical Research
The Ridgeway
Mill Hill
London, NW7 1AA



