source: postlfs/security/tripwire/tripwire-config.xml@ 064db32a

Last change on this file since 064db32a was 064db32a, checked in by Larry Lawrence <larry@…>, 19 years ago

caught a few more tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@876 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 3.7 KB
<sect2>
<title>Configuring tripwire</title>

<sect3><title>Config files</title>
<para><userinput>/etc/tripwire</userinput></para>
</sect3>

<sect3><title>Configuration Information</title>

<para>Tripwire uses a policy file to determine which files are
 integrity checked. The default policy file (<filename>twpol.txt</filename> found in
<filename>/etc/tripwire/</filename>) is for a default installation of Red Hat
7.0 and is woefully outdated.</para>

<para>Policy files are also installation-specific and should be tailored to
 each individual distribution and/or installation. Some custom policy files
 can be found below:</para>
<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
Checks integrity of all files
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/>
Custom policy file for Base LFS 3.0 system
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/>
Custom policy file for SuSE 7.2 system</screen>

<para>Download the custom policy file you'd like to try, copy it into
<filename>/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt</filename>. It
 is, however, recommended that you make your own policy file. Get ideas
 from the examples above and read
 <filename>/usr/share/doc/tripwire/policyguide.txt</filename>.
<filename>twpol.txt</filename> is a good policy file for beginners as it will note any changes to the filesystem and can even be used as an annoying way of keeping track of changes for uninstallation of software.</para>

<para>After your policy file has been transferred to <filename>/etc/tripwire/</filename> you may begin the configuration steps:</para>

<screen><userinput>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</userinput></screen>

<para>During configuration tripwire will create two keys: a site key and
 a local key, which will be stored in <filename class="directory">/etc/tripwire/</filename>.</para>

</sect3>

<sect3><title>Usage Information</title>
<para>To use tripwire after this, run a report using the following command:

<screen><userinput>tripwire -m c &gt; /etc/tripwire/report.txt</userinput></screen></para>

<para>View the output to check the integrity of your files. An automatic
integrity report can be produced by using fcron.</para>

<para>Please note that after you run an integrity check, you must check
the report or email and then modify the tripwire database of the files
on your system so that tripwire will not continually notify you that
files you intentionally changed are a security violation. To do this you
must first <userinput>ls /var/lib/tripwire/report/</userinput> and note
the name of the newest file which starts with
<filename>linux-</filename> and ends in <filename>.twr</filename>. This
encrypted file was created during the last report creation and is needed
to update the tripwire database of your system. Then, type in the
following command, making the appropriate substitutions for '?':
<screen><userinput>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr</userinput></screen></para>

<para>You will be placed into vim with a copy of the report in front of
 you. If all the changes were good, then just type
 <userinput>:x</userinput> and after entering your local key, the
database will be updated. If there are files which you
 still want to be warned about, please remove the x before the filename
 in the report and type <userinput>:x</userinput>.</para>

</sect3>

<sect3><title>Changing the Policy File</title>

<para>If you are unhappy with your policy file and would like to modify it or use a new one, modify the policy file and then execute the following commands:
<screen><userinput>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</userinput></screen></para>

</sect3>

</sect2>

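The report-selection step from the Usage Information section, as an added shell example that is not part of the BLFS book source: it picks the newest `linux-*.twr` report by modification time and prints the `tripwire -m u -r` command for review instead of running it. The function names are hypothetical; the directory and file pattern are the ones given on the page.

```shell
#!/bin/sh
# Added example (not from the BLFS source). Function names are hypothetical.

# Print the path of the newest linux-*.twr report in a directory.
# $1: report directory; defaults to the path named on the page.
newest_twr_report() {
    dir=${1:-/var/lib/tripwire/report}
    newest=
    for f in "$dir"/linux-*.twr; do
        # An unmatched glob stays literal, so require a regular file.
        # Symlinks are skipped so that a planted link in the report
        # directory cannot redirect the update to another file.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue
        fi
        # Keep the candidate with the most recent modification time.
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    if [ -z "$newest" ]; then
        echo "no linux-*.twr report in $dir; run 'tripwire -m c' first" >&2
        return 1
    fi
    printf '%s\n' "$newest"
}

# Print (do not execute) the database update command for that report,
# so the operator can confirm the file name before accepting changes.
update_command() {
    report=$(newest_twr_report "$1") || return 1
    printf 'tripwire -m u -r %s\n' "$report"
}

# When run as a script with a directory argument, show the command.
if [ "$#" -gt 0 ]; then
    update_command "$1"
fi
```

Printing the command rather than running it keeps the interactive review of the report, where the local key is entered, as a deliberate step.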