|
From: | Martin Pala |
Subject: | Re: statement changes suggestions |
Date: | Tue, 05 Aug 2003 12:41:10 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030711 |
Jan-Henrik Haukeland wrote:
I preffer 2.), e.g. to change it. Reason is, that every statement now allows to customize the behavior and it is not common, that 'stop' is allways correct for all checksum cases => i think it was good point from you and i'm +1 to change it as you proposed, for example:Martin Pala <address@hidden> writes:We can recommend this setting for security reasons, but i think it is bad to have different behavior for alert statement in different tests.I take it you are in favor of 1) then? After rethinking I'm also inclined to 1) (that is, do not change the checksum statement) since the proposed changes will implement a not so obvious double-meaning for the alert. Unless others have a better suggestion for using the checksum statement with action I suggest then, that we leave it as is. At least for now.
IF checksum /usr/bin/httpd and expect the sum 4e5309d1956f003bcdff168748bea647 FAILED THEN [ALERT | STOP | RESTART | EXEC]
and keep such scheme for "boolean" tests in the future too. In the case that we will agree on the change, i will modify 'permission' test to reflect it too.
Martin
[Prev in Thread] | Current Thread | [Next in Thread] |