2.6.2 Setting Up Email Alerts for Exploit Attempts

The default configuration for the Oracle Ksplice known exploit detection feaure only logs exploit attempts to syslog by using the normal syslog facilities. To set up email alerts, edit the /etc/log-known-exploit.conf file as follows:

enabled: 1
recipients: admin@example.com

You can use the same configuration file to specify which tripwire reports should be logged or ignored:

CVE-2019-12345: report
CVE-2019-12346: ignore

To define the logging behavior for tripwires that are not specified, add a value for default to the list. For example, to avoid logging any tripwire reports unless they are specified, do the following:

default: ignore