source: postlfs/security/tripwire/tripwire-config.xml@ 1ea79a1

Last change on this file since 1ea79a1 was 1ea79a1, checked in by Bruce Dubbs <bdubbs@…>, 17 years ago

Typos and punctuation

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2236 af4574ff-66df-0310-9fd7-8a98e5e911e0

<sect2>
<title>Configuring <application>Tripwire</application></title>

<sect3><title>Config files</title>
<para><filename class="directory">/etc/tripwire</filename></para>
</sect3>

<sect3><title>Configuration Information</title>

<para><application>Tripwire</application> uses a policy file to determine which
files are integrity checked. The default policy file
(<filename>twpol.txt</filename> found in
<filename class="directory">/etc/tripwire/</filename>) is for a default
installation of Red Hat 7.0 and is woefully outdated.</para>

<para>Policy files should also be tailored to each individual distribution
and/or installation. Some custom policy files can be found below:</para>
<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
Checks integrity of all files
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
Custom policy file for Base LFS 3.0 system
<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
Custom policy file for SuSE 7.2 system</screen>

<para>Download the custom policy file you'd like to try, copy it into
<filename class="directory">/etc/tripwire/</filename>, and use it instead of
<filename>twpol.txt</filename>. It is, however, recommended that you make your
own policy file. Get ideas from the examples above and read
<filename>/usr/share/doc/tripwire/policyguide.txt</filename>.
<filename>twpol.txt</filename> is a good policy file for beginners as it will
note any changes to the file system and can even be used as an annoying way of
keeping track of changes for uninstallation of software.</para>

<para>After your policy file has been transferred to <filename
class="directory">/etc/tripwire/</filename>, you may begin the configuration
steps:</para>

<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</command></userinput></screen>

<para>During installation, <application>Tripwire</application> will create two
(2) keys: a site key and a local key, which will be stored in <filename
class="directory">/etc/tripwire/</filename>.</para>

</sect3>
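
A policy written for another distribution usually names files that do not exist on the local system, so it helps to list those objects before running twadmin -m P. The script below is an added example, not part of the BLFS book or of Tripwire; its function names and the constructed sample policy are assumptions, and rules whose path starts with a policy variable are skipped.

```bash
#!/bin/bash
# Added example (not from the BLFS book): list policy objects missing on this system.

# Print every object path named in a Tripwire policy file, one per line.
# Handles "path -> mask;" rules and "!path;" stop points; skips comments,
# @@ directives, attribute blocks and rules that begin with a variable.
policy_paths() {
    awk '
        { sub(/#.*/, "") }                        # strip comments
        /^[ \t]*!?[ \t]*"?\// {                   # line begins with a path
            line = $0
            sub(/^[ \t]*!?[ \t]*/, "", line)      # drop indent and stop-point "!"
            sub(/[ \t]*(->.*|;.*)$/, "", line)    # drop "-> mask;" or ";"
            gsub(/"/, "", line)                   # unquote paths with spaces
            if (line != "") print line
        }
    ' "$1"
}

# Print the policy paths that do not exist below root directory $2 (default /).
missing_policy_paths() {
    local policy=$1 root=${2:-} path
    policy_paths "$policy" | while IFS= read -r path; do
        [ -e "$root$path" ] || [ -L "$root$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample policy, not one of the files linked above.
sample_policy() {
    printf '%s\n' \
        '@@section FS' \
        '(rulename = "Binaries", severity = 100)' \
        '{' \
        '  /bin                -> $(ReadOnly);   # present on most systems' \
        '  /usr/sbin/linuxconf -> $(ReadOnly);' \
        '  !/etc/mtab;' \
        '  "/opt/old app"      -> $(Dynamic);' \
        '}'
}

# Usage: bash thisfile /etc/tripwire/twpol.txt
if [ -n "${1:-}" ]; then
    missing_policy_paths "$1"
fi
```

Each path it prints is a rule to remove or correct in the policy text before the policy is installed and the database is initialized.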

<sect3><title>Usage Information</title>
<para>To use <application>Tripwire</application> after this and run a report,
use the following command:</para>

<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt</command></userinput></screen>

<para>View the output to check the integrity of your files. An automatic
integrity report can be produced by using a cron facility to schedule
the runs.</para>

<para>Please note that after you run an integrity check, you must check
the report or email and then modify the
<application>Tripwire</application> database of the files
on your system so that <application>Tripwire</application> will not continually
notify you that files you intentionally changed are a security violation. To do
this, first run <command>ls -l /var/lib/tripwire/report/</command> and note
the name of the newest file which starts with <filename>linux-</filename> and
ends in <filename>.twr</filename>. This encrypted file was created during the
last report creation and is needed to update the
<application>Tripwire</application> database of your
system. Then, type in the following command, making the appropriate
substitutions for '?':</para>
<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr</command></userinput></screen>

<para>You will be placed into vim with a copy of the report in front of you. If
all the changes were good, then just type <command>:x</command> and, after
entering your local key, the database will be updated. If there are files which
you still want to be warned about, please remove the x before the filename in
the report and type <command>:x</command>.</para>

</sect3>
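
The two manual steps above (finding the newest report, then starting update mode with it) can be scripted. This is an added example, not part of the BLFS book; the function names and the TRIPWIRE and REPORT_DIR variables are assumptions, and the newest report is chosen by file modification time.

```bash
#!/bin/bash
# Added example (not from the BLFS book): update the database from the newest report.

REPORT_DIR=${REPORT_DIR:-/var/lib/tripwire/report}
TRIPWIRE=${TRIPWIRE:-tripwire}    # overridable, e.g. TRIPWIRE=echo for a dry run

# Print the most recently modified linux-*.twr file in directory $1.
# Returns 1 when the directory holds no such report.
newest_report() {
    local dir=${1:-$REPORT_DIR} f newest=
    for f in "$dir"/linux-*.twr; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Run "tripwire -m u -r REPORT" with the newest report found in $1.
update_from_newest() {
    local dir=${1:-$REPORT_DIR} report
    report=$(newest_report "$dir") || {
        echo "no linux-*.twr report in $dir; run tripwire -m c first" >/dev/stderr
        return 1
    }
    "$TRIPWIRE" -m u -r "$report"
}

# Usage: bash thisfile update
if [ "${1:-}" = "update" ]; then
    update_from_newest
fi
```

Update mode still opens the report in the editor and asks for the local key, so the script only removes the step of copying the file name by hand.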

<sect3><title>Changing the Policy File</title>

<para>If you are unhappy with your policy file and would like to modify it or
use a new one, modify the policy file and then execute the following
commands:</para>
<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
tripwire -m i</command></userinput></screen>

</sect3>

</sect2>
