linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-01 04:52:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
a0f03b0675
glfs/postlfs/security/tripwire.xml
Archaic a0f03b0675 Inserting sect1info 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2591 af4574ff-66df-0310-9fd7-8a98e5e911e0
2004-08-10 04:23:09 +00:00

224 lines
8.6 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY tripwire-download-http "http://prdownloads.sourceforge.net/tripwire/tripwire-&tripwire-version;.tar.gz">
<!ENTITY tripwire-download-ftp "ftp://ftp.fu-berlin.de/unix/security/tripwire/tripwire-&tripwire-version;.tar.gz">
<!ENTITY tripwire-size "1.4 MB">
<!ENTITY tripwire-buildsize "63 MB">
<!ENTITY tripwire-time "2.35 SBU">
]>
<sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;">
<sect1info>
<othername>$LastChangedBy: $</othername>
<date>$Date: $</date>
</sect1info>
<?dbhtml filename="tripwire.html"?>
<title>Tripwire-&tripwire-version;</title>
<sect2>
<title>Introduction to <application>Tripwire</application></title>
<para>The <application>Tripwire</application> package contains programs used
to verify the integrity of the files on a given system.</para>
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink
url="&tripwire-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink
url="&tripwire-download-ftp;"/></para></listitem>
<listitem><para>Download size: &tripwire-size;</para></listitem>
<listitem><para>Estimated Disk space required:
&tripwire-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&tripwire-time;</para></listitem></itemizedlist>
</sect3>
<sect3><title>Additional downloads</title>
<itemizedlist spacing='compact'>
<listitem><para>Required patch to fix multiple build issues (see patch for
more information): <ulink
url="&patch-root;/tripwire-&tripwire-version;-gcc3_build_fixes-1.patch"/></para></listitem>
</itemizedlist>
</sect3>
<sect3><title><application>Tripwire</application> dependencies</title>
<sect4><title>Optional</title>
<para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para></sect4>
</sect3>
</sect2>
<sect2>
<title>Installation of <application>Tripwire</application></title>
<para>Compile <application>Tripwire</application> by running the following
commands:</para>
<screen><userinput><command>patch -Np1 -i ../tripwire-&tripwire-version;-gcc3_build_fixes-1.patch &amp;&amp;
make -C src release &amp;&amp;
cp install/install.{sh,cfg} .</command></userinput></screen>
<para>The default configuration is to use a local <acronym>MTA</acronym>. If
you don't have an <acronym>MTA</acronym> installed and have no wish to install
one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym>
server instead. Install <application>Tripwire</application> by running the
following commands:</para>
<screen><userinput><command>./install.sh &amp;&amp;
cp /etc/tripwire/tw.cfg /usr/sbin &amp;&amp;
cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>
</sect2>
<sect2>
<title>Command explanations</title>
<para><command>make release</command>: This command creates the
<application>Tripwire</application> binaries.</para>
<para><command>cp install.{sh,cfg} .</command>: These files are copied to
the main <application>Tripwire</application> directory so that the script
can be used to install the package.</para>
<para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command
installs the documentation.</para>
</sect2>
<sect2>
<title>Configuring <application>Tripwire</application></title>
<sect3><title>Config files</title>
<para><filename>/etc/tripwire/*</filename></para>
</sect3>
<sect3><title>Configuration Information</title>
<para><application>Tripwire</application> uses a policy file to determine which
files are integrity checked. The default policy file
(<filename>/etc/tripwire/twpol.txt</filename>) is for a default
installation of Redhat 7.0 and is woefully outdated.</para>
<para>Policy files are also a custom thing and should be tailored to each
individual distribution and/or installation. Some custom policy files can be
found below: </para>
<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
Checks integrity of all files
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/>
Custom policy file for Base LFS 3.0 system
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/>
Custom policy file for SuSE 7.2 system</screen>
<para>Download the custom policy file you'd like to try, copy it into
<filename class="directory">/etc/tripwire/</filename>, and use it instead of
<filename>twpol.txt</filename>. It is, however, recommended that you make
your own policy file. Get ideas from the examples above and read
<filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional
information. <filename>twpol.txt</filename> is a good policy file for beginners
as it will note any changes to the file system and can even be used as an
annoying way of keeping track of changes for uninstallation of software.</para>
<para>After your policy file has been transferred to
<filename class="directory">/etc/tripwire/</filename> you may begin the
configuration steps:</para>
<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</command></userinput></screen>
<para>During installation <application>Tripwire</application> will create two
keys: a site key and a local key which are stored in
<filename class="directory">/etc/tripwire/</filename>.</para>
</sect3>
<sect3><title>Usage Information</title>
<para>To use <application>Tripwire</application> after creating a policy file
to run a report, use the following command:</para>
<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt</command></userinput></screen>
<para>View the output to check the integrity of your files. An automatic
integrity report can be produced by using a cron facility to schedule
the runs.</para>
<para>Please note that after you run an integrity check, you must examine
the report (or email) and then modify the <application>Tripwire</application>
database to reflect the changed files on your system. This is so that
<application>Tripwire</application> will not continually notify you that
files you intentionally changed are a security violation. To do this you
must first <command>ls -l /var/lib/tripwire/report/</command> and note
the name of the newest file which starts with <filename>linux-</filename> and
ends in <filename>.twr</filename>. This encrypted file was created during the
last report creation and is needed to update the
<application>Tripwire</application> database of your
system. Then, type in the following command making the appropriate
substitutions for <replaceable>[?]</replaceable>:</para>
<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen>
<para>You will be placed into <application>vim</application> with a copy of
the report in front of you. If all the changes were good, then just type
<command>:x</command> and after entering your local key, the database will be
updated. If there are files which you still want to be warned about, remove the
'x' before the filename in the report and type <command>:x</command>.</para>
</sect3>
<sect3><title>Changing the Policy File</title>
<para>If you are unhappy with your policy file and would like to modify it or
use a new one, modify the policy file and then execute the following
commands:</para>
<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</command></userinput></screen>
</sect3>
</sect2>
<sect2>
<title>Contents</title>
<para>The <application>Tripwire</application> package contains
<command>siggen</command>, <command>tripwire</command>,
<command>twadmin</command> and <command>twprint</command>.</para>
</sect2>
<sect2>
<title>Description</title>
<sect3>
<title>siggen</title>
<para><command>siggen</command> is a signature gathering utility that displays
the hash function values for the specified files.</para></sect3>
<sect3>
<title>tripwire</title>
<para><command>tripwire</command> is the main file integrity checking program.
</para></sect3>
<sect3>
<title>twadmin</title>
<para><command>twadmin</command> is <application>Tripwire</application>'s
administrative and utility tool used to perform certain administrative
functions related to <application>Tripwire</application> files and
configuration options.</para></sect3>
<sect3>
<title>twprint</title>
<para><command>twprint</command> prints <application>Tripwire</application>
database and report files in clear text format.</para></sect3>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink