source: postlfs/security/tripwire.xml

trunk
Last change on this file was 3f2db3a6, checked in by Pierre Labastie <pierre.labastie@…>, 6 days ago

Remove sect1info tags

They only contain a date tag that is nowhere used.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY tripwire-download-http "https://github.com/Tripwire/tripwire-open-source/releases/download/&tripwire-version;/tripwire-open-source-&tripwire-version;.tar.gz">
  <!ENTITY tripwire-download-ftp " ">
  <!ENTITY tripwire-md5sum "a5cf1bc2f235f5d8ca458f00548db6ee">
  <!ENTITY tripwire-size "980 KB">
  <!ENTITY tripwire-buildsize "29 MB">
  <!ENTITY tripwire-time "1.6 SBU (scripting install)">
]>

<sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;">
  <?dbhtml filename="tripwire.html"?>


  <title>Tripwire-&tripwire-version;</title>

  <indexterm zone="tripwire">
    <primary sortas="a-Tripwire">Tripwire</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Tripwire</title>

    <para>
      The <application>Tripwire</application> package contains programs
      used to verify the integrity of the files on a given system.
    </para>

    &lfs112_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&tripwire-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&tripwire-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &tripwire-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &tripwire-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &tripwire-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &tripwire-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
<!--
    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="openssl"/>
    </para>
-->

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      An <xref linkend="server-mail"/>
    </para>

    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/tripwire"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Tripwire</title>

    <para>
      Compile <application>Tripwire</application> by running the following
      commands:
    </para>

<screen><userinput>sed -e '/^CLOBBER/s/false/true/' \
    -e 's|TWDB="${prefix}|TWDB="/var|' \
    -e '/TWMAN/ s|${prefix}|/usr/share|' \
    -e '/TWDOCS/s|${prefix}/doc/tripwire|/usr/share/doc/tripwire-&tripwire-version;|' \
    -i installer/install.cfg &amp;&amp;

find . -name Makefile.am | xargs \
    sed -i 's/^[[:alpha:]_]*_HEADERS.*=/noinst_HEADERS =/' &amp;&amp;

sed '/dist/d' -i man/man?/Makefile.am &amp;&amp;
autoreconf -fi &amp;&amp;

./configure --prefix=/usr --sysconfdir=/etc/tripwire &amp;&amp;
make CPPFLAGS=-std=c++11</userinput></screen>

    <note>
      <para>
        The default configuration is to use a local MTA. If
        you don't have an MTA installed and have no wish to install
        one, modify <filename>installer/install.cfg</filename> to use an SMTP
        server instead. Otherwise the install will fail.
      </para>
    </note>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;
cp -v policy/*.txt /usr/share/doc/tripwire-&tripwire-version;</userinput></screen>

    <note>
      <para>
        During <command>make install</command>, several questions
        are asked, including passwords. If you want to make a script, you have
        to apply a <application>sed</application> before running
        <command>make install</command>:
      </para>

<screen><userinput>sed -i -e 's@installer/install.sh@&amp; -n -s <replaceable>&lt;site-password&gt;</replaceable> -l <replaceable>&lt;local-password&gt;</replaceable>@' Makefile</userinput></screen>

      <para>
        Of course, you should do this with dummy passwords and change them
        later.
      </para>

      <para>
        Another issue when scripting is that the installer exits when the
        standard input is not a terminal. You may disable this behavior
        with the following sed:
      </para>

<screen><userinput>sed '/-t 0/,+3d' -i installer/install.sh</userinput></screen>

    </note>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <command>sed ... installer/install.cfg</command>: This command tells
      the package to install the program database and reports in
      <filename class="directory">/var/lib/tripwire</filename> and sets the
      proper location for man pages and documentation.
    </para>

    <para>
      <command>find ...</command>, <command>sed ...</command>, and
      <command>autoreconf -fi</command>: The build system is unusable as is, and
      has to be modified for the build to succeed.
    </para>

    <para>
      <option>CPPFLAGS=-std=c++11</option>: Passing this flag selects the
      C++11 standard for the compiler. It is necessary to prevent a conflict
      with the default standard, which is C++17 in recent versions of gcc.
    </para>

    <para>
      <command>make install</command>: This command creates the
      <application>Tripwire</application> security keys as well as installing
      the binaries. There are two keys: a site key and a local key, which are
      stored in <filename class="directory">/etc/tripwire/</filename>.
    </para>

    <para>
      <command>cp -v policy/*.txt /usr/share/doc/tripwire-&tripwire-version;</command>:
      This command installs the <application>tripwire</application> sample
      policy files with the other <application>tripwire</application>
      documentation.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Tripwire</title>

    <sect3 id="tripwire-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/tripwire/*</filename>
      </para>

      <indexterm zone="tripwire tripwire-config">
        <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        <application>Tripwire</application> uses a policy file to
        determine which files are integrity checked. The default policy
        file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
        default installation and will need to be updated for your
        system.
      </para>

      <para>
        Policy files should be tailored to each individual distribution and/or
        installation. Some example policy files can be found in <filename
        class="directory">/usr/share/doc/tripwire/</filename>.
      </para>

      <para>
        If desired, copy the policy file you'd like to try into <filename
        class="directory">/etc/tripwire/</filename> instead of using the
        default policy file, <filename>twpol.txt</filename>. It is, however,
        recommended that you edit your policy file. Get ideas from the
        examples above and read
        <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
        additional information. <filename>twpol.txt</filename> is a good
        policy file for learning about <application>Tripwire</application>
        as it will note any changes to the file system and can even be used
        as an annoying way of keeping track of changes for uninstallation of
        software.
      </para>

      <para>
        After your policy file has been edited to your satisfaction you may
        begin the configuration steps (perform as the <systemitem
        class='username'>root</systemitem> user):
      </para>

<screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
    /etc/tripwire/twpol.txt &amp;&amp;
tripwire --init</userinput></screen>

      <para>
        Depending on your system and the contents of the policy file, the
        initialization phase above can take a relatively long time.
      </para>

    </sect3>

    <sect3>
      <title>Usage Information</title>

      <para>
        <application>Tripwire</application> will identify file changes in
        the critical system files specified in the policy file. Using
        <application>Tripwire</application> while making frequent changes to
        these directories will flag all these changes. It is most useful
        after a system has reached a configuration that the user considers
        stable.
      </para>

      <para>
        After the policy file has been created and the database initialized,
        run an integrity check and save the report with the following
        command:
      </para>

<screen role="root"><userinput>tripwire --check &gt; /etc/tripwire/report.txt</userinput></screen>

      <para>
        View the output to check the integrity of your files. An automatic
        integrity report can be produced by using a cron facility to schedule
        the runs.
      </para>

      <para>
        Reports are stored in binary and, if desired, encrypted. View reports,
        as the <systemitem class="username">root</systemitem> user, with:
      </para>

<screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>

      <para>
        After you run an integrity check, you should examine the report (or
        email) and then modify the <application>Tripwire</application> database
        to reflect the changed files on your system. This is so that
        <application>Tripwire</application> will not continually notify you
        that files you intentionally changed are a security violation. To do
        this you must first <command>ls -l /var/lib/tripwire/report/</command>
        and note the name of the newest file which starts with your system
        name as presented by the command <userinput>uname -n</userinput> and
        ends in <filename>.twr</filename>. These files were created during
        report creation and the most current one is needed to update the
        <application>Tripwire</application> database of your system. As the
        <systemitem class='username'>root</systemitem> user, type in the
        following command making the appropriate report name:
      </para>

<screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>

      <para>
        You will be placed into <application>Vim</application> with a copy
        of the report in front of you. If all the changes were good, then just
        type <command>:wq</command> and after entering your local key, the
        database will be updated. If there are files which you still want to
        be warned about, remove the 'x' before the filename in the report and
        type <command>:wq</command>.
      </para>
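      <para>
        The scheduled check and report lookup described in the paragraphs
        above, as an added shell example that is not part of the BLFS book or
        the Tripwire package. It assumes the TWDB location set by the
        install.cfg edit during installation and that the text output of
        <command>tripwire --check</command> contains a "Total violations
        found:" summary line.
      </para>

```shell
#!/bin/sh
# Added example, not part of the BLFS book: an unattended integrity check
# suitable for cron. It runs "tripwire --check", keeps the text output where
# the book puts it, locates the newest binary report (named <uname -n>-*.twr
# under the TWDB report directory, as described above) and returns non-zero
# when violations were found, so cron will mail the summary to root.
set -u

TWDB=${TWDB:-/var/lib/tripwire}            # set by the sed on install.cfg
REPORT_DIR="$TWDB/report"
TEXT_OUT=${TEXT_OUT:-/etc/tripwire/report.txt}

# Read the output of "tripwire --check" on stdin and print the number from
# its "Total violations found:  N" summary line (0 if the line is absent,
# e.g. when the check aborted before producing a summary).
violations_in() {
    awk '/Total violations found:/ { n = $NF } END { print n + 0 }'
}

# Print the path of this host's newest .twr report, or nothing if none exist.
newest_report() {
    ls -t "$REPORT_DIR/$(uname -n)"-*.twr 2>/dev/null | head -n 1
}

run_check() {
    tripwire --check > "$TEXT_OUT" 2>&1
    count=$(violations_in < "$TEXT_OUT")
    report=$(newest_report)
    if [ "$count" -gt 0 ]; then
        echo "tripwire: $count violation(s) found; review and then update with:"
        echo "  twprint --print-report -r $report"
        echo "  tripwire --update --twrfile $report"
        return 1
    fi
    echo "tripwire: no violations (report: ${report:-none})"
}

# Only run the real check when invoked with --run, so the functions above can
# be sourced on a machine without Tripwire installed.
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

      <para>
        Run it as the <systemitem class="username">root</systemitem> user
        from a daily crontab entry with the <option>--run</option> argument;
        cron then mails the summary only when the script exits non-zero.
      </para>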

    </sect3>

    <sect3>
      <title>Changing the Policy File</title>

      <para>
        If you are unhappy with your policy file and would like to modify it
        or use a new one, modify the policy file and then execute the following
        commands as the <systemitem class='username'>root</systemitem> user:
      </para>

<screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
tripwire --init</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>siggen, tripwire, twadmin, and twprint</seg>
        <seg>None</seg>
        <seg>/etc/tripwire, /var/lib/tripwire,
        and /usr/share/doc/tripwire-&tripwire-version;</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="siggen">
        <term><command>siggen</command></term>
        <listitem>
          <para>
            is a signature gathering utility that displays
            the hash function values for the specified files
          </para>
          <indexterm zone="tripwire siggen">
            <primary sortas="b-siggen">siggen</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tripwire-program">
        <term><command>tripwire</command></term>
        <listitem>
          <para>
            is the main file integrity checking program
          </para>
          <indexterm zone="tripwire tripwire">
            <primary sortas="b-tripwire">tripwire</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="twadmin">
        <term><command>twadmin</command></term>
        <listitem>
          <para>
            is an administrative and utility tool that performs
            certain administrative functions related to
            <application>Tripwire</application> files and configuration
            options
          </para>
          <indexterm zone="tripwire twadmin">
            <primary sortas="b-twadmin">twadmin</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="twprint">
        <term><command>twprint</command></term>
        <listitem>
          <para>
            prints <application>Tripwire</application>
            database and report files in clear text format
          </para>
          <indexterm zone="tripwire twprint">
            <primary sortas="b-twprint">twprint</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>