Context Navigation

source: postlfs/security/tripwire.xml@ 4e3dc383

Visit:

12.0 12.1 kea ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal

Last change on this file since 4e3dc383 was cfd4fa8, checked in by Bruce Dubbs <bdubbs@…>, 16 months ago
Tags
Property mode set to `100644`
File size: 14.1 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY tripwire-download-http "https://github.com/Tripwire/tripwire-open-source/releases/download/&tripwire-version;/tripwire-open-source-&tripwire-version;.tar.gz">
8	<!ENTITY tripwire-download-ftp " ">
9	<!ENTITY tripwire-md5sum "a5cf1bc2f235f5d8ca458f00548db6ee">
10	<!ENTITY tripwire-size "980 KB">
11	<!ENTITY tripwire-buildsize "29 MB">
12	<!ENTITY tripwire-time "1.6 SBU (scripting install)">
13	]>
14
15	<sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;">
16	<?dbhtml filename="tripwire.html"?>
17
18
19	<title>Tripwire-&tripwire-version;</title>
20
21	<indexterm zone="tripwire">
22	<primary sortas="a-Tripwire">Tripwire</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to Tripwire</title>
27
28	<para>
29	The <application>Tripwire</application> package contains programs
30	used to verify the integrity of the files on a given system.
31	</para>
32
33	&lfs113_checked;
34
35	<bridgehead renderas="sect3">Package Information</bridgehead>
36	<itemizedlist spacing="compact">
37	<listitem>
38	<para>
39	Download (HTTP): <ulink url="&tripwire-download-http;"/>
40	</para>
41	</listitem>
42	<listitem>
43	<para>
44	Download (FTP): <ulink url="&tripwire-download-ftp;"/>
45	</para>
46	</listitem>
47	<listitem>
48	<para>
49	Download MD5 sum: &tripwire-md5sum;
50	</para>
51	</listitem>
52	<listitem>
53	<para>
54	Download size: &tripwire-size;
55	</para>
56	</listitem>
57	<listitem>
58	<para>
59	Estimated disk space required: &tripwire-buildsize;
60	</para>
61	</listitem>
62	<listitem>
63	<para>
64	Estimated build time: &tripwire-time;
65	</para>
66	</listitem>
67	</itemizedlist>
68
69	<bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
70	<!--
71	<bridgehead renderas="sect4">Recommended</bridgehead>
72	<para role="recommended">
73	<xref linkend="openssl"/>
74	</para>
75	-->
76
77	<bridgehead renderas="sect4">Optional</bridgehead>
78	<para role="optional">
79	An <xref linkend="server-mail"/>
80	</para>
81
82	<para condition="html" role="usernotes">User Notes:
83	<ulink url="&blfs-wiki;/tripwire"/></para>
84
85	</sect2>
86
87	<sect2 role="installation">
88	<title>Installation of Tripwire</title>
89
90	<para>
91	Compile <application>Tripwire</application> by running the following
92	commands:
93	</para>
94
95	<screen><userinput>sed -e '/^CLOBBER/s/false/true/' \
96	-e 's\|TWDB="${prefix}\|TWDB="/var\|' \
97	-e '/TWMAN/ s\|${prefix}\|/usr/share\|' \
98	-e '/TWDOCS/s\|${prefix}/doc/tripwire\|/usr/share/doc/tripwire-&tripwire-version;\|' \
99	-i installer/install.cfg &&
100
101	find . -name Makefile.am \| xargs \
102	sed -i 's/^[[:alpha:]_]_HEADERS.=/noinst_HEADERS =/' &&
103
104	sed '/dist/d' -i man/man?/Makefile.am &&
105	autoreconf -fi &&
106
107	./configure --prefix=/usr --sysconfdir=/etc/tripwire &&
108	make CPPFLAGS=-std=c++11</userinput></screen>
109
110	<note>
111	<para>
112	The default configuration is to use a local MTA. If
113	you don't have an MTA installed and have no wish to install
114	one, modify <filename>install/install.cfg</filename> to use an SMTP
115	server instead. Otherwise the install will fail.
116	</para>
117	</note>
118
119	<para>
120	This package does not come with a test suite.
121	</para>
122
123	<para>
124	Now, as the <systemitem class="username">root</systemitem> user:
125	</para>
126
127	<screen role="root"><userinput>make install &&
128	cp -v policy/*.txt /usr/share/doc/tripwire-&tripwire-version;</userinput></screen>
129
130	<note>
131	<para>
132	During <command>make install</command>, several questions
133	are asked, including passwords. If you want to make a script, you have
134	to apply a <application>sed</application> before running
135	<command>make install</command>:
136	</para>
137
138	<screen><userinput>sed -i -e 's@installer/install.sh@& -n -s <replaceable><site-password></replaceable> -l <replaceable><local-password></replaceable>@' Makefile</userinput></screen>
139
140	<para>
141	Of course, you should do this with dummy passwords and change them
142	later.
143	</para>
144
145	<para>
146	Another issue when scripting is that the installer exits when the
147	standard input is not a terminal. You may disable this behavior
148	with the following sed:
149	</para>
150
151	<screen><userinput>sed '/-t 0/,+3d' -i installer/install.sh</userinput></screen>
152
153	</note>
154
155	</sect2>
156
157	<sect2 role="commands">
158	<title>Command Explanations</title>
159
160	<para>
161	<command>sed ... installer/install.cfg</command>: This command tells
162	the package to install the program database and reports in
163	<filename class="directory">/var/lib/tripwire</filename> and sets the
164	proper location for man pages and documentation.
165	</para>
166
167	<para>
168	<command>find ...</command>, <command>sed ...</command>, and
169	<command>autoreconf -fi</command>: The build system is unusable as is, and
170	has to be modified for the build to succeed.
171	</para>
172
173	<para>
174	<option>CPPFLAGS=-std=c++11</option>: Setting the C++ preprocessor
175	flags to version 11 is necessary to prevent a conflict with the
176	default version which is c++17 in recent version of gcc.
177	</para>
178
179	<para>
180	<command>make install</command>: This command creates the
181	<application>Tripwire</application> security keys as well as installing
182	the binaries. There are two keys: a site key and a local key which are
183	stored in <filename class="directory">/etc/tripwire/</filename>.
184	</para>
185
186	<para>
187	<command>cp -v policy/*.txt /usr/doc/tripwire-&tripwire-version;</command>:
188	This command installs the <application>tripwire</application> sample
189	policy files with the other <application>tripwire</application>
190	documentation.i
191	</para>
192
193	</sect2>
194
195	<sect2 role="configuration">
196	<title>Configuring Tripwire</title>
197
198	<sect3 id="tripwire-config">
199	<title>Config Files</title>
200
201	<para>
202	<filename>/etc/tripwire/*</filename>
203	</para>
204
205	<indexterm zone="tripwire tripwire-config">
206	<primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
207	</indexterm>
208
209	</sect3>
210
211	<sect3>
212	<title>Configuration Information</title>
213
214	<para>
215	<application>Tripwire</application> uses a policy file to
216	determine which files are integrity checked. The default policy
217	file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
218	default installation and will need to be updated for your
219	system.
220	</para>
221
222	<para>
223	Policy files should be tailored to each individual distribution and/or
224	installation. Some example policy files can be found in <filename
225	class="directory">/usr/share/doc/tripwire/</filename>.
226	</para>
227
228	<para>
229	If desired, copy the policy file you'd like to try into <filename
230	class="directory">/etc/tripwire/</filename> instead of using the
231	default policy file, <filename>twpol.txt</filename>. It is, however,
232	recommended that you edit your policy file. Get ideas from the
233	examples above and read
234	<filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
235	additional information. <filename>twpol.txt</filename> is a good
236	policy file for learning about <application>Tripwire</application>
237	as it will note any changes to the file system and can even be used
238	as an annoying way of keeping track of changes for uninstallation of
239	software.
240	</para>
241
242	<para>
243	After your policy file has been edited to your satisfaction you may
244	begin the configuration steps (perform as the <systemitem
245	class='username'>root</systemitem>) user:
246	</para>
247
248	<screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
249	/etc/tripwire/twpol.txt &&
250	tripwire --init</userinput></screen>
251
252	<para>
253	Depending on your system and the contents of the policy file, the
254	initialization phase above can take a relatively long time.
255	</para>
256
257	</sect3>
258
259	<sect3>
260	<title>Usage Information</title>
261
262	<para>
263	<application>Tripwire</application> will identify file changes in
264	the critical system files specified in the policy file. Using
265	<application>Tripwire</application> while making frequent changes to
266	these directories will flag all these changes. It is most useful
267	after a system has reached a configuration that the user considers
268	stable.
269	</para>
270
271	<para>
272	To use <application>Tripwire</application> after creating a policy
273	file to run a report, use the following command:
274	</para>
275
276	<screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen>
277
278	<para>
279	View the output to check the integrity of your files. An automatic
280	integrity report can be produced by using a cron facility to schedule
281	the runs.
282	</para>
283
284	<para>
285	Reports are stored in binary and, if desired, encrypted. View reports,
286	as the <systemitem class="username">root</systemitem> user, with:
287	</para>
288
289	<screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen>
290
291	<para>
292	After you run an integrity check, you should examine the report (or
293	email) and then modify the <application>Tripwire</application> database
294	to reflect the changed files on your system. This is so that
295	<application>Tripwire</application> will not continually notify you
296	hat files you intentionally changed are a security violation. To do
297	this you must first <command>ls -l /var/lib/tripwire/report/</command>
298	and note the name of the newest file which starts with your system
299	name as presented by the command <userinput>uname -n</userinput> and
300	ends in <filename>.twr</filename>. These files were created during
301	report creation and the most current one is needed to update the
302	<application>Tripwire</application> database of your system. As the
303	<systemitem class='username'>root</systemitem> user, type in the
304	following command making the appropriate report name:
305	</para>
306
307	<screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen>
308
309	<para>
310	You will be placed into <application>Vim</application> with a copy
311	of the report in front of you. If all the changes were good, then just
312	type <command>:wq</command> and after entering your local key, the
313	database will be updated. If there are files which you still want to
314	be warned about, remove the 'x' before the filename in the report and
315	type <command>:wq</command>.
316	</para>
317
318	</sect3>
319
320	<sect3>
321	<title>Changing the Policy File</title>
322
323	<para>
324	If you are unhappy with your policy file and would like to modify it
325	or use a new one, modify the policy file and then execute the following
326	commands as the <systemitem class='username'>root</systemitem> user:
327	</para>
328
329	<screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &&
330	tripwire --init</userinput></screen>
331
332	</sect3>
333
334	</sect2>
335
336	<sect2 role="content">
337	<title>Contents</title>
338
339	<segmentedlist>
340	<segtitle>Installed Programs</segtitle>
341	<segtitle>Installed Libraries</segtitle>
342	<segtitle>Installed Directories</segtitle>
343
344	<seglistitem>
345	<seg>siggen, tripwire, twadmin, and twprint</seg>
346	<seg>None</seg>
347	<seg>/etc/tripwire, /var/lib/tripwire,
348	and /usr/share/doc/tripwire-&tripwire-version;</seg>
349	</seglistitem>
350	</segmentedlist>
351
352	<variablelist>
353	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
354	<?dbfo list-presentation="list"?>
355	<?dbhtml list-presentation="table"?>
356
357	<varlistentry id="siggen">
358	<term><command>siggen</command></term>
359	<listitem>
360	<para>
361	is a signature gathering utility that displays
362	the hash function values for the specified files
363	</para>
364	<indexterm zone="tripwire siggen">
365	<primary sortas="b-siggen">siggen</primary>
366	</indexterm>
367	</listitem>
368	</varlistentry>
369
370	<varlistentry id="tripwire-program">
371	<term><command>tripwire</command></term>
372	<listitem>
373	<para>
374	is the main file integrity checking program
375	</para>
376	<indexterm zone="tripwire tripwire">
377	<primary sortas="b-tripwire">tripwire</primary>
378	</indexterm>
379	</listitem>
380	</varlistentry>
381
382	<varlistentry id="twadmin">
383	<term><command>twadmin</command></term>
384	<listitem>
385	<para>
386	administrative and utility tool used to perform
387	certain administrative functions related to
388	<application>Tripwire</application> files and configuration
389	options
390	</para>
391	<indexterm zone="tripwire twadmin">
392	<primary sortas="b-twadmin">twadmin</primary>
393	</indexterm>
394	</listitem>
395	</varlistentry>
396
397	<varlistentry id="twprint">
398	<term><command>twprint</command></term>
399	<listitem>
400	<para>
401	prints <application>Tripwire</application>
402	database and report files in clear text format
403	</para>
404	<indexterm zone="tripwire twprint">
405	<primary sortas="b-twprint">twprint</primary>
406	</indexterm>
407	</listitem>
408	</varlistentry>
409
410	</variablelist>
411
412	</sect2>
413
414	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: