linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-02 13:42:13 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
8604d92fe9
glfs/postlfs/security/tripwire/tripwire-config.xml
Larry Lawrence 8604d92fe9 Chapter 13, again 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1251 af4574ff-66df-0310-9fd7-8a98e5e911e0
2003-10-01 00:45:19 +00:00

91 lines
4.3 KiB
XML
Raw Blame History

<sect2>
<title>Configuring <application>Tripwire</application></title>
<sect3><title>Config files</title>
<para><filename class="directory">/etc/tripwire</filename></para>
</sect3>
<sect3><title>Configuration Information</title>
<para><application>Tripwire</application> uses a policy file to determine which
files integrity are checked. The default policy file (<filename>twpol.txt
</filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default
installation of Redhat 7.0 and is woefully outdated.</para>
<para>Policy files are also a custom thing and should be tailored to each
individual distribution and/or installation. Some custom policy files can be
found below: </para>
<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
Checks integrity of all files
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
Custom policy file for Base LFS 3.0 system
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
Custom policy file for SuSE 7.2 system</screen>
<para>Download the custom policy file you'd like to try, copy it into
<filename class="directory">/etc/tripwire/</filename>, and use it instead of
<filename>twpol.txt</filename>. It is, however, recommended that you make your own policy file.
Get ideas from the examples above and read <filename>
/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
</filename> is a good policy file for beginners as it will note any changes to
the filesystem and can even be used as an annoying way of keeping track of
changes for uninstallation of software.</para>
<para>After your policy file has been transferred to <filename
class="directory">/etc/tripwire/</filename> you may begin the configuration steps:</para>
<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</command></userinput></screen>
<para>During configuration <application>Tripwire</application> will create two (2) keys: a site key and
a local key which will be stored in <filename class="directory">/etc/tripwire/
</filename>.</para>
</sect3>
<sect3><title>Usage Information</title>
<para>To use <application>Tripwire</application> after this and run a report,
use the following command:</para>
<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt
</command></userinput></screen>
<para>View the output to check the integrity of your files. An automatic
integrity report can be produced by using a cron facility to schedule
the runs. </para>
<para>Please note that after you run an integrity check, you must check
the report or email and then modify the
<application>Tripwire</application> database of the files
on your system so that <application>Tripwire</application> will not continually notify you that
files you intentionally changed are a security violation. To do this you
must first <command>ls /var/lib/tripwire/report/</command> and note
the name of the newest file which starts with <filename>linux-</filename> and
ends in <filename>.twr</filename>. This encrypted file was created during the
last report creation and is needed to update the
<application>Tripwire</application> database of your
system. Then, type in the following command making the appropriate
substitutions for '?':</para>
<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen>
<para>You will be placed into vim with a copy of the report in front of you. If
all the changes were good, then just type <command>:x</command> and after
entering your local key, the database will be updated. If there are files which
you still want to be warned about, please remove the x before the filename in
the report and type <command>:x</command>. </para>
</sect3>
<sect3><title>Changing the Policy File</title>
<para>If you are unhappy with your policy file and would like to modify it or
use a new one, modify the policy file and then execute the following
commands:</para>
<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</command></userinput></screen>
</sect3>
</sect2>
Reference in New Issue View Git Blame Copy Permalink