[osiris] Why doesn't it detect anything?

[Gregor Mosheh]

Hi, all. I'm new to Osiris, from the world of AIDE and Tripwire. I am
having some odd results, in that Osiris isn't detecting changes. For
example, I can initialize the host, then run this very danngerous script:
   cd /var/run
   touch foof
   chmod 666 foof
   chmod u+s foof
...then run start-scan and find no changes!

Given my configuration file (see below) it should have been picked up,
being setuid. Meanwhile, other changes are going unnoticed as well, such
as changes to /etc/fstab

Any ideas?


Recursive  yes
Hash sha
IncludeAll
<Modules>
Include mod_users
Include mod_groups
Include mod_kmods
Include mod_ports
</Modules>
# This stuff should never change
<Directory /bin>
</Directory>
<Directory /boot>
</Directory>
<Directory /lib>
</Directory>
<Directory /lib64>
</Directory>
<Directory /sbin>
</Directory>
<Directory /dev>
</Directory>
<Directory /usr>
</Directory>
# This may change, but not likely. Watch it anyway.
<Directory /root>
</Directory>
# This stuff is so volatile we always Exclude it
<Directory /proc>
ExcludeAll
</Directory>
<Directory /sys>
ExcludeAll
</Directory>
<Directory /tmp>
ExcludeAll
</Directory>
<Directory /home>
ExcludeAll
</Directory>
# /var, minus the log directories
<Directory /var>
Exclude file(^/var/lib/slocate/slocate.db$)
</Directory>
<Directory /var/log>
Include executable
Include script
Include perl
Include python
ExcludeAll
</Directory>
<Directory /var/run>
Include executable
Include script
Include perl
Include python
ExcludeAll
</Directory>
<Directory /var/tmp>
Include executable
Include script
Include perl
Include python
ExcludeAll
</Directory>
<Directory /var/mail>
ExcludeAll
</Directory>
<Directory /var/spool/clientmqueue>
ExcludeAll
</Directory>
<Directory /var/spool/mqueue>
ExcludeAll
</Directory>
<Directory /var/lib/mysql>
ExcludeAll
</Directory>
<Directory /var/lib/pgsql>
ExcludeAll
</Directory>
# /etc should be relatively static, except for the mtab file
# changes will happen, but are important enough to be noteworthy
<Directory /etc>
Exclude file(^/etc/mtab$)
</Directory>



-- 
HostGIS
Cartographic development and hosting services
707-822-9355
http://www.HostGIS.com/