Dear All,
I'm using CentOS 5 to run a firewall, and as part of the intrusion detection apparatus, I use tripwire (tripwire-2.4.1.1-1.fc6.x86_64.rpm - as made for Fedora Core 6, and then tweaked with my own twpol.txt).
My problem is that when I su to root, a .xauth file is created with a random tail name - i.e. /root/.xauthyN4aHS or /root/.xauth1sGdFh - and this causes tripwire to trigger. I can stop sshd from X forwarding to prevent .xauth files, but that's a really bad solution. And I can't see any mention of being able to use wildcards in the tripwire policy file.
Potential solutions are:
1) force the .xauth$$$$ file to live in a directory below root, as I can tell tripwire to ignore this path.
2) stop the .xauth files having a random name
However I can't get a grip on how to control the creation of the .xauth file: I've tried adding XAUTHORITY=/root/xauth/xauth to /root/bashrc and this does not work, so any ideas are welcome!
Many thanks,
Jake