source: postlfs/security/tripwire/tripwire-config.xml@ 1ea79a1

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb v5_1 xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 1ea79a1 was 1ea79a1, checked in by Bruce Dubbs <bdubbs@…>, 20 years ago

Typos and punctuation

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2236 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 4.3 KB
RevLine 
[c62afe4]1<sect2>
[79f87f94]2<title>Configuring <application>Tripwire</application></title>
[c62afe4]3
4<sect3><title>Config files</title>
[8604d92f]5<para><filename class="directory">/etc/tripwire</filename></para>
[c62afe4]6</sect3>
7
8<sect3><title>Configuration Information</title>
9
[8f44fa03]10<para><application>Tripwire</application> uses a policy file to determine which
11files integrity are checked. The default policy file (<filename>twpol.txt
[8604d92f]12</filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default
[8f44fa03]13installation of Redhat 7.0 and is woefully outdated.</para>
[c62afe4]14
[8f44fa03]15<para>Policy files are also a custom thing and should be tailored to each
16individual distribution and/or installation. Some custom policy files can be
17found below: </para>
[18193a6]18<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
[c62afe4]19Checks integrity of all files
[18193a6]20<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
[c62afe4]21Custom policy file for Base LFS 3.0 system
[18193a6]22<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
[1f563cb]23Custom policy file for SuSE 7.2 system</screen>
[c62afe4]24
[8604d92f]25<para>Download the custom policy file you'd like to try, copy it into
26<filename class="directory">/etc/tripwire/</filename>, and use it instead of
27<filename>twpol.txt</filename>. It is, however, recommended that you make your own policy file.
[8f44fa03]28Get ideas from the examples above and read <filename>
29/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
30</filename> is a good policy file for beginners as it will note any changes to
[666f6de]31the file system and can even be used as an annoying way of keeping track of
[8f44fa03]32changes for uninstallation of software.</para>
[c62afe4]33
[8604d92f]34<para>After your policy file has been transferred to <filename
35class="directory">/etc/tripwire/</filename> you may begin the configuration steps:</para>
[c62afe4]36
[8f44fa03]37<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
38tripwire -m i</command></userinput></screen>
[c62afe4]39
[1ea79a1]40<para>During installation <application>Tripwire</application> will create two
41(2) keys: a site key and a local key which will be stored in <filename
42class="directory">/etc/tripwire/</filename>.</para>
[c62afe4]43
44</sect3>
45
46<sect3><title>Usage Information</title>
[79f87f94]47<para>To use <application>Tripwire</application> after this and run a report,
[a75063d4]48use the following command:</para>
[c62afe4]49
[cd8a62b1]50<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt</command></userinput></screen>
[c62afe4]51
52<para>View the output to check the integrity of your files. An automatic
[b2a7072d]53integrity report can be produced by using a cron facility to schedule
54the runs. </para>
[c62afe4]55
56<para>Please note that after you run an integrity check, you must check
[8604d92f]57the report or email and then modify the
58<application>Tripwire</application> database of the files
59on your system so that <application>Tripwire</application> will not continually notify you that
[c62afe4]60files you intentionally changed are a security violation. To do this you
[1ea79a1]61must first <command>ls -l /var/lib/tripwire/report/</command> and note
[8f44fa03]62the name of the newest file which starts with <filename>linux-</filename> and
63ends in <filename>.twr</filename>. This encrypted file was created during the
[8604d92f]64last report creation and is needed to update the
65<application>Tripwire</application> database of your
[8f44fa03]66system. Then, type in the following command making the appropriate
[a75063d4]67substitutions for '?':</para>
68<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen>
[8f44fa03]69
70<para>You will be placed into vim with a copy of the report in front of you. If
71all the changes were good, then just type <command>:x</command> and after
72entering your local key, the database will be updated. If there are files which
73you still want to be warned about, please remove the x before the filename in
74the report and type <command>:x</command>. </para>
[c62afe4]75
[1f563cb]76</sect3>
[c62afe4]77
[1f563cb]78<sect3><title>Changing the Policy File</title>
[c62afe4]79
[8f44fa03]80<para>If you are unhappy with your policy file and would like to modify it or
[a75063d4]81use a new one, modify the policy file and then execute the following
82commands:</para>
[8f44fa03]83<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
[a75063d4]84tripwire -m i</command></userinput></screen>
[c62afe4]85
86</sect3>
87
88</sect2>
89
Note: See TracBrowser for help on using the repository browser.