source: postlfs/security/tripwire.xml@ 8394f7d1

Last change on this file since 8394f7d1 was 8394f7d1, checked in by Bruce Dubbs <bdubbs@…>, 14 months ago

Tags and a package update.
Update to pavucontrol-5.0.

  • Property mode set to 100644
File size: 14.1 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY tripwire-download-http "https://github.com/Tripwire/tripwire-open-source/releases/download/&tripwire-version;/tripwire-open-source-&tripwire-version;.tar.gz">
8 <!ENTITY tripwire-download-ftp " ">
9 <!ENTITY tripwire-md5sum "a5cf1bc2f235f5d8ca458f00548db6ee">
10 <!ENTITY tripwire-size "980 KB">
11 <!ENTITY tripwire-buildsize "29 MB">
12 <!ENTITY tripwire-time "1.6 SBU (scripting install)">
13]>
14
15<sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;">
16 <?dbhtml filename="tripwire.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>Tripwire-&tripwire-version;</title>
23
24 <indexterm zone="tripwire">
25 <primary sortas="a-Tripwire">Tripwire</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to Tripwire</title>
30
31 <para>
32 The <application>Tripwire</application> package contains programs
33 used to verify the integrity of the files on a given system.
34 </para>
35
36 &lfs110_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>
42 Download (HTTP): <ulink url="&tripwire-download-http;"/>
43 </para>
44 </listitem>
45 <listitem>
46 <para>
47 Download (FTP): <ulink url="&tripwire-download-ftp;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download MD5 sum: &tripwire-md5sum;
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download size: &tripwire-size;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Estimated disk space required: &tripwire-buildsize;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated build time: &tripwire-time;
68 </para>
69 </listitem>
70 </itemizedlist>
71
72 <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
73<!--
74 <bridgehead renderas="sect4">Recommended</bridgehead>
75 <para role="recommended">
76 <xref linkend="openssl"/>
77 </para>
78-->
79
80 <bridgehead renderas="sect4">Optional</bridgehead>
81 <para role="optional">
82 An <xref linkend="server-mail"/>
83 </para>
84
85 <para condition="html" role="usernotes">User Notes:
86 <ulink url="&blfs-wiki;/tripwire"/></para>
87
88 </sect2>
89
90 <sect2 role="installation">
91 <title>Installation of Tripwire</title>
92
93 <para>
94 Compile <application>Tripwire</application> by running the following
95 commands:
96 </para>
97
98<screen><userinput>sed -e '/^CLOBBER/s/false/true/' \
99 -e 's|TWDB="${prefix}|TWDB="/var|' \
100 -e '/TWMAN/ s|${prefix}|/usr/share|' \
101 -e '/TWDOCS/s|${prefix}/doc/tripwire|/usr/share/doc/tripwire-&tripwire-version;|' \
102 -i installer/install.cfg &amp;&amp;
103
104find . -name Makefile.am | xargs \
105 sed -i 's/^[[:alpha:]_]*_HEADERS.*=/noinst_HEADERS =/' &amp;&amp;
106
107sed '/dist/d' -i man/man?/Makefile.am &amp;&amp;
108autoreconf -fi &amp;&amp;
109
110./configure --prefix=/usr --sysconfdir=/etc/tripwire &amp;&amp;
111make CPPFLAGS=-std=c++11</userinput></screen>
112
113 <note>
114 <para>
115 The default configuration is to use a local MTA. If
116 you don't have an MTA installed and have no wish to install
117 one, modify <filename>installer/install.cfg</filename> to use an SMTP
118 server instead. Otherwise the install will fail.
119 </para>
120 </note>
121
122 <para>
123 This package does not come with a test suite.
124 </para>
125
126 <para>
127 Now, as the <systemitem class="username">root</systemitem> user:
128 </para>
129
130<screen role="root"><userinput>make install &amp;&amp;
131cp -v policy/*.txt /usr/share/doc/tripwire-&tripwire-version;</userinput></screen>
132
133 <note>
134 <para>
135 During <command>make install</command>, several questions
136 are asked, including passwords. If you want to make a script, you have
137 to apply a <application>sed</application> before running
138 <command>make install</command>:
139 </para>
140
141<screen><userinput>sed -i -e 's@installer/install.sh@&amp; -n -s <replaceable>&lt;site-password&gt;</replaceable> -l <replaceable>&lt;local-password&gt;</replaceable>@' Makefile</userinput></screen>
142
143 <para>
144 Of course, you should do this with dummy passwords and change them
145 later.
146 </para>
147
148 <para>
149 Another issue when scripting is that the installer exits when the
150 standard input is not a terminal. You may disable this behavior
151 with the following sed:
152 </para>
153
154<screen><userinput>sed '/-t 0/,+3d' -i installer/install.sh</userinput></screen>
155
156 </note>
157
158 </sect2>
159
160 <sect2 role="commands">
161 <title>Command Explanations</title>
162
163 <para>
164 <command>sed ... installer/install.cfg</command>: This command tells
165 the package to install the program database and reports in
166 <filename class="directory">/var/lib/tripwire</filename> and sets the
167 proper location for man pages and documentation.
168 </para>
169
170 <para>
171 <command>find ...</command>, <command>sed ...</command>, and
172 <command>autoreconf -fi</command>: The build system is unusable as is, and
173 has to be modified for the build to succeed.
174 </para>
175
176 <para>
177 <option>CPPFLAGS=-std=c++11</option>: Setting the C++ preprocessor
178 flags to select the C++11 standard is necessary to prevent a conflict with the
179 default standard, which is C++17 in recent versions of gcc.
180 </para>
181
182 <para>
183 <command>make install</command>: This command creates the
184 <application>Tripwire</application> security keys as well as installing
185 the binaries. There are two keys: a site key and a local key which are
186 stored in <filename class="directory">/etc/tripwire/</filename>.
187 </para>
188
189 <para>
190 <command>cp -v policy/*.txt /usr/share/doc/tripwire-&tripwire-version;</command>:
191 This command installs the <application>tripwire</application> sample
192 policy files with the other <application>tripwire</application>
193 documentation.
194 </para>
195
196 </sect2>
197
198 <sect2 role="configuration">
199 <title>Configuring Tripwire</title>
200
201 <sect3 id="tripwire-config">
202 <title>Config Files</title>
203
204 <para>
205 <filename>/etc/tripwire/*</filename>
206 </para>
207
208 <indexterm zone="tripwire tripwire-config">
209 <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
210 </indexterm>
211
212 </sect3>
213
214 <sect3>
215 <title>Configuration Information</title>
216
217 <para>
218 <application>Tripwire</application> uses a policy file to
219 determine which files are integrity checked. The default policy
220 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
221 default installation and will need to be updated for your
222 system.
223 </para>
224
225 <para>
226 Policy files should be tailored to each individual distribution and/or
227 installation. Some example policy files can be found in <filename
228 class="directory">/usr/share/doc/tripwire-&tripwire-version;/</filename>.
229 </para>
230
231 <para>
232 If desired, copy the policy file you'd like to try into <filename
233 class="directory">/etc/tripwire/</filename> instead of using the
234 default policy file, <filename>twpol.txt</filename>. It is, however,
235 recommended that you edit your policy file. Get ideas from the
236 examples above and read
237 <filename>/usr/share/doc/tripwire-&tripwire-version;/policyguide.txt</filename> for
238 additional information. <filename>twpol.txt</filename> is a good
239 policy file for learning about <application>Tripwire</application>
240 as it will note any changes to the file system and can even be used
241 as an annoying way of keeping track of changes for uninstallation of
242 software.
243 </para>
244
245 <para>
246 After your policy file has been edited to your satisfaction you may
247 begin the configuration steps (perform as the <systemitem
248 class='username'>root</systemitem> user):
249 </para>
250
251<screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
252 /etc/tripwire/twpol.txt &amp;&amp;
253tripwire --init</userinput></screen>
254
255 <para>
256 Depending on your system and the contents of the policy file, the
257 initialization phase above can take a relatively long time.
258 </para>
259
260 </sect3>
261
262 <sect3>
263 <title>Usage Information</title>
264
265 <para>
266 <application>Tripwire</application> will identify file changes in
267 the critical system files specified in the policy file. Using
268 <application>Tripwire</application> while making frequent changes to
269 these directories will flag all these changes. It is most useful
270 after a system has reached a configuration that the user considers
271 stable.
272 </para>
273
274 <para>
275 After creating a policy file, run <application>Tripwire</application>
276 to produce a report with the following command:
277 </para>
278
279<screen role="root"><userinput>tripwire --check &gt; /etc/tripwire/report.txt</userinput></screen>
280
281 <para>
282 View the output to check the integrity of your files. An automatic
283 integrity report can be produced by using a cron facility to schedule
284 the runs.
285 </para>
286
287 <para>
288 Reports are stored in binary and, if desired, encrypted. View reports,
289 as the <systemitem class="username">root</systemitem> user, with:
290 </para>
291
292<screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
293
294 <para>
295 After you run an integrity check, you should examine the report (or
296 email) and then modify the <application>Tripwire</application> database
297 to reflect the changed files on your system. This is so that
298 <application>Tripwire</application> will not continually notify you
299 that files you intentionally changed are a security violation. To do
300 this you must first <command>ls -l /var/lib/tripwire/report/</command>
301 and note the name of the newest file which starts with your system
302 name as presented by the command <userinput>uname -n</userinput> and
303 ends in <filename>.twr</filename>. These files were created during
304 report creation and the most current one is needed to update the
305 <application>Tripwire</application> database of your system. As the
306 <systemitem class='username'>root</systemitem> user, type the
307 following command, substituting the appropriate report name:
308 </para>
309
310<screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
311
312 <para>
313 You will be placed into <application>Vim</application> with a copy
314 of the report in front of you. If all the changes were good, then just
315 type <command>:wq</command> and after entering your local key, the
316 database will be updated. If there are files which you still want to
317 be warned about, remove the 'x' before the filename in the report and
318 type <command>:wq</command>.
319 </para>
320
321 </sect3>
322
323 <sect3>
324 <title>Changing the Policy File</title>
325
326 <para>
327 If you are unhappy with your policy file and would like to modify it
328 or use a new one, modify the policy file and then execute the following
329 commands as the <systemitem class='username'>root</systemitem> user:
330 </para>
331
332<screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
333tripwire --init</userinput></screen>
334
335 </sect3>
336
337 </sect2>
338
339 <sect2 role="content">
340 <title>Contents</title>
341
342 <segmentedlist>
343 <segtitle>Installed Programs</segtitle>
344 <segtitle>Installed Libraries</segtitle>
345 <segtitle>Installed Directories</segtitle>
346
347 <seglistitem>
348 <seg>siggen, tripwire, twadmin, and twprint</seg>
349 <seg>None</seg>
350 <seg>/etc/tripwire, /var/lib/tripwire,
351 and /usr/share/doc/tripwire-&tripwire-version;</seg>
352 </seglistitem>
353 </segmentedlist>
354
355 <variablelist>
356 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
357 <?dbfo list-presentation="list"?>
358 <?dbhtml list-presentation="table"?>
359
360 <varlistentry id="siggen">
361 <term><command>siggen</command></term>
362 <listitem>
363 <para>
364 is a signature gathering utility that displays
365 the hash function values for the specified files
366 </para>
367 <indexterm zone="tripwire siggen">
368 <primary sortas="b-siggen">siggen</primary>
369 </indexterm>
370 </listitem>
371 </varlistentry>
372
373 <varlistentry id="tripwire-program">
374 <term><command>tripwire</command></term>
375 <listitem>
376 <para>
377 is the main file integrity checking program
378 </para>
379 <indexterm zone="tripwire tripwire-program">
380 <primary sortas="b-tripwire">tripwire</primary>
381 </indexterm>
382 </listitem>
383 </varlistentry>
384
385 <varlistentry id="twadmin">
386 <term><command>twadmin</command></term>
387 <listitem>
388 <para>
389 is an administrative and utility tool used to perform
390 certain administrative functions related to
391 <application>Tripwire</application> files and configuration
392 options
393 </para>
394 <indexterm zone="tripwire twadmin">
395 <primary sortas="b-twadmin">twadmin</primary>
396 </indexterm>
397 </listitem>
398 </varlistentry>
399
400 <varlistentry id="twprint">
401 <term><command>twprint</command></term>
402 <listitem>
403 <para>
404 prints <application>Tripwire</application>
405 database and report files in clear text format
406 </para>
407 <indexterm zone="tripwire twprint">
408 <primary sortas="b-twprint">twprint</primary>
409 </indexterm>
410 </listitem>
411 </varlistentry>
412
413 </variablelist>
414
415 </sect2>
416
417</sect1>
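
The usage steps in the file above (schedule `tripwire --check` from cron, then find the newest `.twr` report for this host before running `tripwire --update`) can be wrapped in a small script. This is an added example, not part of the BLFS book; the script name `twcheck.sh`, the function names, the `--run` switch, the `REPORT_DIR` variable and the hyphen after the host name in report file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the BLFS book. Hypothetical file name: twcheck.sh
# Run from cron as root:  sh twcheck.sh --run
# REPORT_DIR defaults to the report directory named in the page.
REPORT_DIR=${REPORT_DIR:-/var/lib/tripwire/report}

# Print the newest report in directory $1 for host $2; return 1 if none.
# Assumption: report names look like <host>-<something>.twr, so that
# host "web" does not pick up reports written by host "web2".
newest_twr() {
    nt_best=
    for nt_f in "$1"/"$2"-*.twr; do
        [ -f "$nt_f" ] || continue          # unmatched glob stays literal
        if [ -z "$nt_best" ] || [ "$nt_f" -nt "$nt_best" ]; then
            nt_best=$nt_f
        fi
    done
    [ -n "$nt_best" ] || return 1
    printf '%s\n' "$nt_best"
}

# Run the check and confirm that it really produced a new report file.
# A run that leaves no new .twr behind is reported as a failure, so a
# broken or disabled check does not pass silently.
nightly_check() {
    nc_host=$(uname -n)
    nc_before=$(newest_twr "$REPORT_DIR" "$nc_host") || nc_before=
    tripwire --check        # text report goes to stdout; cron mails it
    nc_after=$(newest_twr "$REPORT_DIR" "$nc_host") || nc_after=
    if [ -z "$nc_after" ] || [ "$nc_after" = "$nc_before" ]; then
        echo "tripwire --check wrote no new report in $REPORT_DIR" >&2
        return 2
    fi
    echo "Review the report, then accept intended changes with:"
    echo "  tripwire --update --twrfile $nc_after"
}

if [ "${1:-}" = "--run" ]; then
    nightly_check
fi
```
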