I've set up tripwire on a Debian server, and the default policy had some strange settings.
#
# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev -> $(Device) ;
# /proc -> $(Device) ;
}
/proc is very volatile, so I've commented it out, but I guess I should put some of its content explicitly in here. I have some ideas, but I'll ask for advice on that matter.
The other thing is /var/log:
#
# These files change every time the system boots
#
(
rulename = "System boot changes",
severity = $(SIG_HI)
)
{
/var/lock -> $(SEC_CONFIG) ;
/var/run -> $(SEC_CONFIG) ; # daemon PIDs
# /var/log -> $(SEC_CONFIG) ;
}
Again, too volatile and too many false positives. Should I explicitly monitor some specified parts of it, and if so, which? The rest of /var is $(SIG_MED) and $(SEC_INVARIANT), which sounds reasonable for /var/log too.
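As an added example (not part of the question above and not taken from the Debian policy), here is one way to list parts of /var/log and /proc explicitly instead of monitoring the whole trees. It assumes the variable definitions from the stock twpol.txt: $(Growing) = +pinugtdl-srbamcCMSH (permissions, inode, link count, owner, group, type, device and "file may only grow" are checked; size, times and hashes are not), SEC_LOG = $(Growing), and SEC_INVARIANT = +tpug. The rule names, the choice of files, the /proc/sys entries and the +pugS mask used for them are my assumptions; adjust them to what actually exists on the box.

```text
# Added example, not from the question or the Debian twpol.txt.
# Assumes the stock definitions:
#   Growing       = +pinugtdl-srbamcCMSH ;
#   SEC_LOG       = $(Growing) ;   # define it here if your policy lacks it
#   SEC_INVARIANT = +tpug ;

#
# Security-relevant logs: may grow, but must never shrink, change owner or
# mode, or be replaced (inode change). Appends are silent under $(Growing).
#
(
  rulename = "Security logs",
  severity = $(SIG_HI),
)
{
  /var/log/auth.log -> $(SEC_LOG) ;  # sshd, sudo, su, PAM
  /var/log/wtmp     -> $(SEC_LOG) ;  # login records (last)
  /var/log/btmp     -> $(SEC_LOG) ;  # failed logins (lastb)
  /var/log/lastlog  -> $(SEC_LOG) ;  # indexed by UID, written in place, only grows
  /var/log/faillog  -> $(SEC_LOG) ;
  /var/log/kern.log -> $(SEC_LOG) ;
  /var/log/dpkg.log -> $(SEC_LOG) ;  # package installs and removals
}

#
# The directory itself: catch chmod/chown of /var/log without descending
# into the rotated and temporary files that generate the noise.
#
(
  rulename = "Log directory",
  severity = $(SIG_MED),
)
{
  /var/log -> $(SEC_INVARIANT) (recurse = false) ;
}

#
# /proc: only sysctl-backed entries whose content is meant to be stable.
# Inode numbers, sizes and timestamps in procfs are synthetic, so check
# mode, owner, group and a SHA of the content only (assumed mask, not a
# stock variable). Expand the list to the tunables you care about.
#
(
  rulename = "Kernel tunables",
  severity = $(SIG_HI),
)
{
  /proc/sys/net/ipv4/ip_forward        -> +pugS ;
  /proc/sys/kernel/modules_disabled    -> +pugS ;
  /proc/sys/kernel/randomize_va_space  -> +pugS ;
  /proc/sys/kernel/kptr_restrict       -> +pugS ;
}
```

Two caveats a check run will teach you anyway. First, log rotation still produces one report per rotation: rsyslog's logrotate config renames auth.log to auth.log.1 and creates a new file, so tripwire sees an inode change and a new object; either schedule the check right before the daily logrotate job and accept that once-a-day diff with tripwire --update, or use copytruncate in logrotate, which keeps the inode but trips the "only grows" (l) check instead, so pick one and expect it. Second, for the /proc entries, confirm with a test tripwire --check that the hash is actually computed and changes when you flip the sysctl; if it does not on your kernel, drop the S and keep +pug, which still catches permission or ownership tampering but not value changes.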