source: postlfs/security/tripwire/tripwire-config.xml@ 0482b012

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb v5_0 v5_0-pre1 v5_1 v5_1-pre1 xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 0482b012 was 8604d92f, checked in by Larry Lawrence <larry@…>, 21 years ago

Chapter 13, again

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1251 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 4.3 KB
RevLine 
[c62afe4]1<sect2>
[79f87f94]2<title>Configuring <application>Tripwire</application></title>
[c62afe4]3
4<sect3><title>Config files</title>
[8604d92f]5<para><filename class="directory">/etc/tripwire</filename></para>
[c62afe4]6</sect3>
7
8<sect3><title>Configuration Information</title>
9
[8f44fa03]10<para><application>Tripwire</application> uses a policy file to determine which
11files integrity are checked. The default policy file (<filename>twpol.txt
[8604d92f]12</filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default
[8f44fa03]13installation of Redhat 7.0 and is woefully outdated.</para>
[c62afe4]14
[8f44fa03]15<para>Policy files are also a custom thing and should be tailored to each
16individual distribution and/or installation. Some custom policy files can be
17found below: </para>
[18193a6]18<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
[c62afe4]19Checks integrity of all files
[18193a6]20<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
[c62afe4]21Custom policy file for Base LFS 3.0 system
[18193a6]22<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
[1f563cb]23Custom policy file for SuSE 7.2 system</screen>
[c62afe4]24
[8604d92f]25<para>Download the custom policy file you'd like to try, copy it into
26<filename class="directory">/etc/tripwire/</filename>, and use it instead of
27<filename>twpol.txt</filename>. It is, however, recommended that you make your own policy file.
[8f44fa03]28Get ideas from the examples above and read <filename>
29/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
30</filename> is a good policy file for beginners as it will note any changes to
[b2a7072d]31the filesystem and can even be used as an annoying way of keeping track of
[8f44fa03]32changes for uninstallation of software.</para>
[c62afe4]33
[8604d92f]34<para>After your policy file has been transferred to <filename
35class="directory">/etc/tripwire/</filename> you may begin the configuration steps:</para>
[c62afe4]36
[8f44fa03]37<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
38tripwire -m i</command></userinput></screen>
[c62afe4]39
[8604d92f]40<para>During configuration <application>Tripwire</application> will create two (2) keys: a site key and
[8f44fa03]41 a local key which will be stored in <filename class="directory">/etc/tripwire/
42</filename>.</para>
[c62afe4]43
44</sect3>
45
46<sect3><title>Usage Information</title>
[79f87f94]47<para>To use <application>Tripwire</application> after this and run a report,
[a75063d4]48use the following command:</para>
[c62afe4]49
[8f44fa03]50<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt
[a75063d4]51</command></userinput></screen>
[c62afe4]52
53<para>View the output to check the integrity of your files. An automatic
[b2a7072d]54integrity report can be produced by using a cron facility to schedule
55the runs. </para>
[c62afe4]56
57<para>Please note that after you run an integrity check, you must check
[8604d92f]58the report or email and then modify the
59<application>Tripwire</application> database of the files
60on your system so that <application>Tripwire</application> will not continually notify you that
[c62afe4]61files you intentionally changed are a security violation. To do this you
[8f44fa03]62must first <command>ls /var/lib/tripwire/report/</command> and note
63the name of the newest file which starts with <filename>linux-</filename> and
64ends in <filename>.twr</filename>. This encrypted file was created during the
[8604d92f]65last report creation and is needed to update the
66<application>Tripwire</application> database of your
[8f44fa03]67system. Then, type in the following command making the appropriate
[a75063d4]68substitutions for '?':</para>
69<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen>
[8f44fa03]70
71<para>You will be placed into vim with a copy of the report in front of you. If
72all the changes were good, then just type <command>:x</command> and after
73entering your local key, the database will be updated. If there are files which
74you still want to be warned about, please remove the x before the filename in
75the report and type <command>:x</command>. </para>
[c62afe4]76
[1f563cb]77</sect3>
[c62afe4]78
[1f563cb]79<sect3><title>Changing the Policy File</title>
[c62afe4]80
[8f44fa03]81<para>If you are unhappy with your policy file and would like to modify it or
[a75063d4]82use a new one, modify the policy file and then execute the following
83commands:</para>
[8f44fa03]84<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
[a75063d4]85tripwire -m i</command></userinput></screen>
[c62afe4]86
87</sect3>
88
89</sect2>
90
Note: See TracBrowser for help on using the repository browser.