source: postlfs/security/tripwire.xml@ 518538f

Last change on this file since 518538f was 518538f, checked in by Randy McMurchy <randy@…>, 17 years ago

Standardized the 'Estimated disk space required' text

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3244 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 8.4 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
 <!ENTITY % general-entities SYSTEM "../../general.ent">
 %general-entities;

 <!ENTITY tripwire-download-http "http://www.frenchfries.net/paul/tripwire/tripwire-&tripwire-version;.tar.gz">
 <!ENTITY tripwire-download-ftp " ">
 <!ENTITY tripwire-size "869 KB">
 <!ENTITY tripwire-buildsize "22 MB">
 <!ENTITY tripwire-time "2.96 SBU">
]>

<sect1 id="tripwire-portable" xreflabel="Tripwire-&tripwire-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="tripwire.html"?>
<title>Tripwire-&tripwire-version;</title>

<sect2>
<title>Introduction to <application>Tripwire</application></title>

<para>The <application>Tripwire</application> package contains programs used
to verify the integrity of the files on a given system.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink
url="&tripwire-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink
url="&tripwire-download-ftp;"/></para></listitem>
<listitem><para>Download size: &tripwire-size;</para></listitem>
<listitem><para>Estimated disk space required:
&tripwire-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&tripwire-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title><application>Tripwire</application> dependencies</title>
<sect4><title>Optional</title>
<para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para></sect4>
</sect3>

</sect2>

<sect2>
<title>Installation of <application>Tripwire</application></title>

<para>Compile <application>Tripwire</application> by running the following
commands:</para>

<screen><userinput><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var/lib@' install/install.cfg &amp;&amp;
./configure --prefix=/usr --sysconfdir=/etc/tripwire &amp;&amp;
make &amp;&amp;
make install &amp;&amp;
cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>

<para>The default configuration is to use a local <acronym>MTA</acronym>. If
you don't have an <acronym>MTA</acronym> installed and have no wish to install
one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym>
server instead.</para>

</sect2>

<sect2>
<title>Command explanations</title>

<para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var/lib@' install/install.cfg</command>:
This command tells the package to install the program database and reports in
<filename>/var/lib/tripwire</filename>.</para>

<para><command>make install</command>: This command creates the
<application>Tripwire</application> security keys as well as installing the
binaries. There are two keys: a site key and a local key which are stored in
<filename class="directory">/etc/tripwire/</filename>.</para>

<para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command
installs the documentation.</para>

</sect2>

<sect2>
<title>Configuring <application>Tripwire</application></title>

<sect3><title>Config files</title>
<para><filename>/etc/tripwire/*</filename></para>
</sect3>

<sect3><title>Configuration Information</title>

<para><application>Tripwire</application> uses a policy file to determine which
files are integrity checked. The default policy file
(<filename>/etc/tripwire/twpol.txt</filename>) is written for a default
Red Hat installation and will need to be updated for your system.</para>

<para>Policy files should be tailored to each individual distribution and/or
installation. Some custom policy files can be found below:</para>

<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
Checks integrity of all files
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/>
Custom policy file for Base LFS 3.0 system
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/>
Custom policy file for SuSE 7.2 system</screen>

<para>Download the custom policy file you'd like to try, copy it into
<filename class="directory">/etc/tripwire/</filename>, and use it instead of
<filename>twpol.txt</filename>. It is, however, recommended that you make
your own policy file. Get ideas from the examples above and read
<filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional
information. <filename>twpol.txt</filename> is a good policy file for beginners
as it will note any changes to the file system and can even be used as an
annoying way of keeping track of changes for uninstallation of software.</para>

<para>After your policy file has been transferred to
<filename class="directory">/etc/tripwire/</filename> you may begin the
configuration steps:</para>

<screen><userinput><command>twadmin --create-polfile --site-keyfile=/etc/tripwire/site.key /etc/tripwire/twpol.txt &amp;&amp;
tripwire --init</command></userinput></screen>

</sect3>

<sect3><title>Usage Information</title>
<para>After creating a policy file, use the following command to run an
integrity check and write the report:</para>

<screen><userinput><command>tripwire --check &gt; /etc/tripwire/report.txt</command></userinput></screen>

<para>View the output to check the integrity of your files. An automatic
integrity report can be produced by using a cron facility to schedule
the runs.</para>

<para>Please note that after you run an integrity check, you must examine
the report (or email) and then modify the <application>Tripwire</application>
database to reflect the changed files on your system. This is so that
<application>Tripwire</application> will not continually notify you that
files you intentionally changed are a security violation. To do this you
must first run <command>ls -l /var/lib/tripwire/report/</command> and note
the name of the newest file which starts with <filename>linux-</filename> and
ends in <filename>.twr</filename>. This encrypted file was created during the
last report creation and is needed to update the
<application>Tripwire</application> database of your
system. Then, type in the following command making the appropriate
substitutions for <replaceable>[?]</replaceable>:</para>

<screen><userinput><command>tripwire --update --twrfile /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen>

<para>You will be placed into <application>vim</application> with a copy of
the report in front of you. If all the changes were good, then just type
<command>:x</command> and after entering your local key, the database will be
updated. If there are files which you still want to be warned about, remove the
'x' before the filename in the report and type <command>:x</command>.</para>

</sect3>

<sect3><title>Changing the Policy File</title>

<para>If you are unhappy with your policy file and would like to modify it or
use a new one, modify the policy file and then execute the following
commands:</para>

<screen><userinput><command>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
tripwire --init</command></userinput></screen>

</sect3>

</sect2>

<sect2>
<title>Contents</title>
<segmentedlist>
 <segtitle>Installed Programs</segtitle>
 <seglistitem>
 <seg>siggen, tripwire, twadmin and twprint.</seg>
 </seglistitem>
</segmentedlist>

<variablelist>
 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
 <?dbfo list-presentation="list"?>

 <varlistentry id="siggen">
 <term><command>siggen</command></term>
 <listitem><para>is a signature gathering utility that displays
 the hash function values for the specified files.</para>
 </listitem>
 </varlistentry>

 <varlistentry id='tripwire'>
 <term><command>tripwire</command></term>
 <listitem><para>is the main file integrity checking program.</para></listitem>
 </varlistentry>

 <varlistentry id='twadmin'>
 <term><command>twadmin</command></term>
 <listitem><para>is an administrative and utility tool used to perform
 certain administrative functions related to
 <application>Tripwire</application> files and configuration options.</para>
 </listitem>
 </varlistentry>

 <varlistentry id='twprint'>
 <term><command>twprint</command></term>
 <listitem><para>prints <application>Tripwire</application>
 database and report files in clear text format.</para>
 </listitem>
 </varlistentry>
</variablelist>

</sect2>

</sect1>
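
The update step from the usage section (find the newest `.twr` report, then hand it to `tripwire --update`), as an added shell example that is not part of the BLFS source file. The function names, the `REPORT_DIR` variable and the default host prefix `linux` (taken from the report file names in the text) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the BLFS book: pick the newest Tripwire report
# and build the matching database-update command.
# Assumptions: reports live in /var/lib/tripwire/report and are named
# <host>-<date>-<time>.twr, with host "linux" as in the text above.

REPORT_DIR=${REPORT_DIR:-/var/lib/tripwire/report}

# newest_twr DIR [HOST]
# Print the most recently modified regular file DIR/HOST-*.twr.
# Returns 1 if the directory holds no such report.
newest_twr() {
    dir=$1
    host=${2:-linux}
    newest=
    for f in "$dir/$host"-*.twr; do
        # Skip the unexpanded glob, directories and symlinks, so a link
        # dropped into the report directory is never selected.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# update_command DIR [HOST]
# Print the tripwire invocation that opens the newest report for review.
update_command() {
    report=$(newest_twr "$@") || {
        echo "no .twr report found in $1" >&2
        return 1
    }
    printf 'tripwire --update --twrfile %s\n' "$report"
}

# Usage: update_command "$REPORT_DIR"
```

The command is printed rather than executed so that the report is still reviewed interactively before the database is updated.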