Open mjtko opened 6 years ago
Will that still pick up genuine rpm installs?
I reckon so:
```
[root@node001[mycluster] rpm]# ls -l
total 82136
-rw-r--r--. 1 root root 3334144 Sep 12 21:45 Basenames
-rw-r--r--. 1 root root 16384 May 2 17:48 Conflictname
-rw-r--r-- 1 root root 917504 Sep 30 01:34 __db.001
-rw-r--r-- 1 root root 147456 Sep 30 01:34 __db.002
-rw-r--r-- 1 root root 1318912 Sep 30 01:34 __db.003
-rw-r--r--. 1 root root 1474560 Sep 12 21:45 Dirnames
-rw-r--r--. 1 root root 20480 Sep 12 21:45 Group
-rw-r--r--. 1 root root 12288 Sep 12 21:45 Installtid
-rw-r--r--. 1 root root 40960 Sep 12 21:45 Name
-rw-r--r--. 1 root root 24576 May 2 17:48 Obsoletename
-rw-r--r--. 1 root root 74559488 Sep 12 21:45 Packages
-rw-r--r--. 1 root root 1986560 Sep 12 21:45 Providename
-rw-r--r--. 1 root root 299008 Sep 12 21:45 Requirename
-rw-r--r--. 1 root root 73728 Sep 12 21:45 Sha1header
-rw-r--r--. 1 root root 49152 Sep 12 21:45 Sigmd5
-rw-r--r--. 1 root root 8192 May 2 17:48 Triggername
[root@node001[mycluster] rpm]# tail -n1 /var/log/yum.log
Sep 12 21:45:30 Installed: sl-5.02-1.el7.x86_64
```
These appear to change without any changes to RPMs being installed (probably lock files or an automatic check-for-updates process running). Let's whitelist them.
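
The whitelist discussed in this thread, sketched as an added example that is not code from the issue or the project: it compares two `ls -l` snapshots of the rpm database directory and ignores only the `__db.NNN` files, so a change to `Packages` or the index files is still reported. The function names and the three sample listings are constructed for illustration.

```python
import re

# Whitelist pattern (assumption: only the __db.001-style names seen in the
# listing above are volatile; every other file in the directory is monitored).
VOLATILE = re.compile(r"^__db\.\d{3}$")

def parse_ls(listing):
    """Map file name -> (size, 'Mon D HH:MM') for regular files in `ls -l` output."""
    entries = {}
    for line in listing.splitlines():
        parts = line.split()
        # mode, links, owner, group, size, month, day, time, name
        if len(parts) != 9 or not parts[0].startswith("-"):
            continue  # skips the "total" line, shell prompts and non-regular files
        entries[parts[8]] = (int(parts[4]), " ".join(parts[5:8]))
    return entries

def significant_changes(before, after):
    """Names that changed, appeared or vanished, excluding whitelisted files."""
    names = set(before) | set(after)
    return sorted(n for n in names
                  if before.get(n) != after.get(n) and not VOLATILE.match(n))

# Constructed snapshots, shaped like the listing in the thread.
BASELINE = """\
-rw-r--r--  1 root root 917504 Sep 29 01:34 __db.001
-rw-r--r--. 1 root root 40960 Sep 12 21:45 Name
-rw-r--r--. 1 root root 74559488 Sep 12 21:45 Packages
"""
AFTER_QUERY = """\
-rw-r--r--  1 root root 917504 Sep 30 01:34 __db.001
-rw-r--r--. 1 root root 40960 Sep 12 21:45 Name
-rw-r--r--. 1 root root 74559488 Sep 12 21:45 Packages
"""
AFTER_INSTALL = """\
-rw-r--r--  1 root root 917504 Sep 30 02:10 __db.001
-rw-r--r--. 1 root root 45056 Sep 30 02:10 Name
-rw-r--r--. 1 root root 74563584 Sep 30 02:10 Packages
"""

if __name__ == "__main__":
    base = parse_ls(BASELINE)
    print("after query:  ", significant_changes(base, parse_ls(AFTER_QUERY)))
    print("after install:", significant_changes(base, parse_ls(AFTER_INSTALL)))
```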