source: postlfs/security/tripwire.xml@ 45ab6c7

11.0 11.1 11.2 lazarus qt5new trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 45ab6c7 was 45ab6c7, checked in by Xi Ruoyao <xry111@…>, 18 months ago

more SVN prop clean up

Remove "$LastChanged$" everywhere, and also some unused $Date$

  • Property mode set to 100644
File size: 13.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY tripwire-download-http "https://github.com/Tripwire/tripwire-open-source/releases/download/&tripwire-version;/tripwire-open-source-&tripwire-version;.tar.gz">
8 <!ENTITY tripwire-download-ftp " ">
9 <!ENTITY tripwire-md5sum "a5cf1bc2f235f5d8ca458f00548db6ee">
10 <!ENTITY tripwire-size "980 KB">
11 <!ENTITY tripwire-buildsize "29 MB">
12 <!ENTITY tripwire-time "1.6 SBU (scripting install)">
13]>
14
15<sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;">
16 <?dbhtml filename="tripwire.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>Tripwire-&tripwire-version;</title>
23
24 <indexterm zone="tripwire">
25 <primary sortas="a-Tripwire">Tripwire</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to Tripwire</title>
30
31 <para>
32 The <application>Tripwire</application> package contains programs
33 used to verify the integrity of the files on a given system.
34 </para>
35
36 &lfs101_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>
42 Download (HTTP): <ulink url="&tripwire-download-http;"/>
43 </para>
44 </listitem>
45 <listitem>
46 <para>
47 Download (FTP): <ulink url="&tripwire-download-ftp;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download MD5 sum: &tripwire-md5sum;
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download size: &tripwire-size;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Estimated disk space required: &tripwire-buildsize;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated build time: &tripwire-time;
68 </para>
69 </listitem>
70 </itemizedlist>
71
72 <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
73<!--
74 <bridgehead renderas="sect4">Recommended</bridgehead>
75 <para role="recommended">
76 <xref linkend="openssl"/>
77 </para>
78-->
79
80 <bridgehead renderas="sect4">Optional</bridgehead>
81 <para role="optional">
82 An <xref linkend="server-mail"/>
83 </para>
84
85 <para condition="html" role="usernotes">User Notes:
86 <ulink url="&blfs-wiki;/tripwire"/></para>
87
88 </sect2>
89
90 <sect2 role="installation">
91 <title>Installation of Tripwire</title>
92
93 <para>
94 Compile <application>Tripwire</application> by running the following
95 commands:
96 </para>
97
98<screen><userinput>sed -e '/^CLOBBER/s/false/true/' \
99 -e 's|TWDB="${prefix}|TWDB="/var|' \
100 -e '/TWMAN/ s|${prefix}|/usr/share|' \
101 -e '/TWDOCS/s|${prefix}/doc/tripwire|/usr/share/doc/tripwire-&tripwire-version;|' \
102 -i installer/install.cfg &amp;&amp;
103
104find . -name Makefile.am | xargs \
105 sed -i 's/^[[:alpha:]_]*_HEADERS.*=/noinst_HEADERS =/' &amp;&amp;
106
107sed '/dist/d' -i man/man?/Makefile.am &amp;&amp;
108autoreconf -fi &amp;&amp;
109
110./configure --prefix=/usr --sysconfdir=/etc/tripwire &amp;&amp;
111make</userinput></screen>
112
113 <note>
114 <para>
115 The default configuration is to use a local MTA. If
116 you don't have an MTA installed and have no wish to install
117 one, modify <filename>install/install.cfg</filename> to use an SMTP
118 server instead. Otherwise the install will fail.
119 </para>
120 </note>
121
122 <para>
123 This package does not come with a test suite.
124 </para>
125
126 <para>
127 Now, as the <systemitem class="username">root</systemitem> user:
128 </para>
129
130<screen role="root"><userinput>make install &amp;&amp;
131cp -v policy/*.txt /usr/share/doc/tripwire-&tripwire-version;</userinput></screen>
132
133 <note>
134 <para>
135 During <command>make install</command>, several questions
136 are asked, including passwords. If you want to make a script, you have
137 to apply a <application>sed</application> before running
138 <command>make install</command>:
139 </para>
140
141<screen><userinput>sed -i -e 's@installer/install.sh@&amp; -n -s <replaceable>&lt;site-password&gt;</replaceable> -l <replaceable>&lt;local-password&gt;</replaceable>@' Makefile</userinput></screen>
142
143 <para>
144 Of course, you should do this with dummy passwords and change them
145 later.
146 </para>
147
148 <para>
149 Another issue when scripting is that the installer exits when the
150 standard input is not a terminal. You may disable this behavior
151 with the following sed:
152 </para>
153
154<screen><userinput>sed '/-t 0/,+3d' -i installer/install.sh</userinput></screen>
155
156 </note>
157
158 </sect2>
159
160 <sect2 role="commands">
161 <title>Command Explanations</title>
162
163 <para>
164 <command>sed ... installer/install.cfg</command>: This command tells
165 the package to install the program database and reports in
166 <filename class="directory">/var/lib/tripwire</filename> and sets the
167 proper location for man pages and documentation.
168 </para>
169
170 <para>
171 <command>find ...</command>, <command>sed ...</command>, and
172 <command>autoreconf -fi</command>: The build system is unusable as is, and
173 has to be modified for the build to succeed.
174 </para>
175
176 <para>
177 <command>make install</command>: This command creates the
178 <application>Tripwire</application> security keys as well as installing
179 the binaries. There are two keys: a site key and a local key which are
180 stored in <filename class="directory">/etc/tripwire/</filename>.
181 </para>
182
183 <para>
184 <command>cp -v policy/*.txt /usr/doc/tripwire-&tripwire-version;</command>:
185 This command installs the <application>tripwire</application> sample
186 policy files with the other <application>tripwire</application>
187 documentation.i
188 </para>
189
190 </sect2>
191
192 <sect2 role="configuration">
193 <title>Configuring Tripwire</title>
194
195 <sect3 id="tripwire-config">
196 <title>Config Files</title>
197
198 <para>
199 <filename>/etc/tripwire/*</filename>
200 </para>
201
202 <indexterm zone="tripwire tripwire-config">
203 <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
204 </indexterm>
205
206 </sect3>
207
208 <sect3>
209 <title>Configuration Information</title>
210
211 <para>
212 <application>Tripwire</application> uses a policy file to
213 determine which files are integrity checked. The default policy
214 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
215 default installation and will need to be updated for your
216 system.
217 </para>
218
219 <para>
220 Policy files should be tailored to each individual distribution and/or
221 installation. Some example policy files can be found in <filename
222 class="directory">/usr/share/doc/tripwire/</filename>.
223 </para>
224
225 <para>
226 If desired, copy the policy file you'd like to try into <filename
227 class="directory">/etc/tripwire/</filename> instead of using the
228 default policy file, <filename>twpol.txt</filename>. It is, however,
229 recommended that you edit your policy file. Get ideas from the
230 examples above and read
231 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
232 additional information. <filename>twpol.txt</filename> is a good
233 policy file for learning about <application>Tripwire</application>
234 as it will note any changes to the file system and can even be used
235 as an annoying way of keeping track of changes for uninstallation of
236 software.
237 </para>
238
239 <para>
240 After your policy file has been edited to your satisfaction you may
241 begin the configuration steps (perform as the <systemitem
242 class='username'>root</systemitem>) user:
243 </para>
244
245<screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
246 /etc/tripwire/twpol.txt &amp;&amp;
247tripwire --init</userinput></screen>
248
249 <para>
250 Depending on your system and the contents of the policy file, the
251 initialization phase above can take a relatively long time.
252 </para>
253
254 </sect3>
255
256 <sect3>
257 <title>Usage Information</title>
258
259 <para>
260 <application>Tripwire</application> will identify file changes in
261 the critical system files specified in the policy file. Using
262 <application>Tripwire</application> while making frequent changes to
263 these directories will flag all these changes. It is most useful
264 after a system has reached a configuration that the user considers
265 stable.
266 </para>
267
268 <para>
269 To use <application>Tripwire</application> after creating a policy
270 file to run a report, use the following command:
271 </para>
272
273<screen role="root"><userinput>tripwire --check &gt; /etc/tripwire/report.txt</userinput></screen>
274
275 <para>
276 View the output to check the integrity of your files. An automatic
277 integrity report can be produced by using a cron facility to schedule
278 the runs.
279 </para>
280
281 <para>
282 Reports are stored in binary and, if desired, encrypted. View reports,
283 as the <systemitem class="username">root</systemitem> user, with:
284 </para>
285
286<screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
287
288 <para>
289 After you run an integrity check, you should examine the report (or
290 email) and then modify the <application>Tripwire</application> database
291 to reflect the changed files on your system. This is so that
292 <application>Tripwire</application> will not continually notify you
293 hat files you intentionally changed are a security violation. To do
294 this you must first <command>ls -l /var/lib/tripwire/report/</command>
295 and note the name of the newest file which starts with your system
296 name as presented by the command <userinput>uname -n</userinput> and
297 ends in <filename>.twr</filename>. These files were created during
298 report creation and the most current one is needed to update the
299 <application>Tripwire</application> database of your system. As the
300 <systemitem class='username'>root</systemitem> user, type in the
301 following command making the appropriate report name:
302 </para>
303
304<screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
305
306 <para>
307 You will be placed into <application>Vim</application> with a copy
308 of the report in front of you. If all the changes were good, then just
309 type <command>:wq</command> and after entering your local key, the
310 database will be updated. If there are files which you still want to
311 be warned about, remove the 'x' before the filename in the report and
312 type <command>:wq</command>.
313 </para>
314
315 </sect3>
316
317 <sect3>
318 <title>Changing the Policy File</title>
319
320 <para>
321 If you are unhappy with your policy file and would like to modify it
322 or use a new one, modify the policy file and then execute the following
323 commands as the <systemitem class='username'>root</systemitem> user:
324 </para>
325
326<screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
327tripwire --init</userinput></screen>
328
329 </sect3>
330
331 </sect2>
332
333 <sect2 role="content">
334 <title>Contents</title>
335
336 <segmentedlist>
337 <segtitle>Installed Programs</segtitle>
338 <segtitle>Installed Libraries</segtitle>
339 <segtitle>Installed Directories</segtitle>
340
341 <seglistitem>
342 <seg>siggen, tripwire, twadmin, and twprint</seg>
343 <seg>None</seg>
344 <seg>/etc/tripwire, /var/lib/tripwire,
345 and /usr/share/doc/tripwire-&tripwire-version;</seg>
346 </seglistitem>
347 </segmentedlist>
348
349 <variablelist>
350 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
351 <?dbfo list-presentation="list"?>
352 <?dbhtml list-presentation="table"?>
353
354 <varlistentry id="siggen">
355 <term><command>siggen</command></term>
356 <listitem>
357 <para>
358 is a signature gathering utility that displays
359 the hash function values for the specified files
360 </para>
361 <indexterm zone="tripwire siggen">
362 <primary sortas="b-siggen">siggen</primary>
363 </indexterm>
364 </listitem>
365 </varlistentry>
366
367 <varlistentry id="tripwire-program">
368 <term><command>tripwire</command></term>
369 <listitem>
370 <para>
371 is the main file integrity checking program
372 </para>
373 <indexterm zone="tripwire tripwire">
374 <primary sortas="b-tripwire">tripwire</primary>
375 </indexterm>
376 </listitem>
377 </varlistentry>
378
379 <varlistentry id="twadmin">
380 <term><command>twadmin</command></term>
381 <listitem>
382 <para>
383 administrative and utility tool used to perform
384 certain administrative functions related to
385 <application>Tripwire</application> files and configuration
386 options
387 </para>
388 <indexterm zone="tripwire twadmin">
389 <primary sortas="b-twadmin">twadmin</primary>
390 </indexterm>
391 </listitem>
392 </varlistentry>
393
394 <varlistentry id="twprint">
395 <term><command>twprint</command></term>
396 <listitem>
397 <para>
398 prints <application>Tripwire</application>
399 database and report files in clear text format
400 </para>
401 <indexterm zone="tripwire twprint">
402 <primary sortas="b-twprint">twprint</primary>
403 </indexterm>
404 </listitem>
405 </varlistentry>
406
407 </variablelist>
408
409 </sect2>
410
411</sect1>
Note: See TracBrowser for help on using the repository browser.