[CentOS] tripwire / .xauth$$$$ problem on Centos5

Jake Grimmett jake.grimmett at nimr.mrc.ac.uk
Thu Jul 5 13:28:28 UTC 2007

Dear All,

I'm using Centos5 to run a firewall, and as part of the intrusion detection 
apparatus, I use tripwire (tripwire- - as made for 
fedora core 6, and then tweaked with my own twpol.txt). 

My problem is that when I su to root, a .xauth file is created with a random 
tail name - i.e.  /root/.xauthyN4aHS or /root/.xauth1sGdFh  and this causes 
tripwire to trigger. I can stop sshd from X forwarding to prevent .xauth 
files, but that's a really bad solution. And I can't see any mention of being 
able to use wildcards in the tripwire policy file.

Potential solutions are:

1) force the .xauth$$$$ file to live in a directory below root, as I can tell 
tripwire to ignore this path.

2) stop the .xauth files having a random name

However I can't get a grip on how to control the creation of the .xauth file: 
I've tried adding XAUTHORITY=/root/xauth/xauth to  /root/bashrc and this does 
not work, so any ideas are welcome!

Many thanks,


Dr J. Grimmett
Computer Systems Manager
Division of Molecular Structure
National Institute for Medical Research
The Ridgeway
Mill Hill
London, NW7 1AA

