source: postlfs/security/tripwire/tripwire-config.xml@ 3df86b66

10.0 10.1 11.0 11.1 11.2 11.3 12.0 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/inkscape-core-mods krejzi/svn lazarus lxqt nosym perl-modules plabs/python-mods qt5new systemd-11177 systemd-13485 trunk upgradedb v5_0 v5_0-pre1 v5_1 v5_1-pre1 xry111/intltool xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 3df86b66 was 3df86b66, checked in by Larry Lawrence <larry@…>, 20 years ago

incorporate option and parameter tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1249 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 4.1 KB
Line 
1<sect2>
2<title>Configuring <application>Tripwire</application></title>
3
4<sect3><title>Config files</title>
5<para><filename>/etc/tripwire</filename></para>
6</sect3>
7
8<sect3><title>Configuration Information</title>
9
10<para><application>Tripwire</application> uses a policy file to determine which
11files integrity are checked. The default policy file (<filename>twpol.txt
12</filename> found in <filename>/etc/tripwire/</filename>) is for a default
13installation of Redhat 7.0 and is woefully outdated.</para>
14
15<para>Policy files are also a custom thing and should be tailored to each
16individual distribution and/or installation. Some custom policy files can be
17found below: </para>
18<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
19Checks integrity of all files
20<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
21Custom policy file for Base LFS 3.0 system
22<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
23Custom policy file for SuSE 7.2 system</screen>
24
25<para>Download the custom policy file you'd like to try, copy it into <filename>
26/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt
27</filename>. It is, however, recommended that you make your own policy file.
28Get ideas from the examples above and read <filename>
29/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
30</filename> is a good policy file for beginners as it will note any changes to
31the filesystem and can even be used as an annoying way of keeping track of
32changes for uninstallation of software.</para>
33
34<para>After your policy file has been transferred to <filename>/etc/tripwire/
35</filename> you may begin the configuration steps:</para>
36
37<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
38tripwire -m i</command></userinput></screen>
39
40<para>During configuration tripwire will create two (2) keys: a site key and
41 a local key which will be stored in <filename class="directory">/etc/tripwire/
42</filename>.</para>
43
44</sect3>
45
46<sect3><title>Usage Information</title>
47<para>To use <application>Tripwire</application> after this and run a report,
48use the following command:</para>
49
50<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt
51</command></userinput></screen>
52
53<para>View the output to check the integrity of your files. An automatic
54integrity report can be produced by using a cron facility to schedule
55the runs. </para>
56
57<para>Please note that after you run an integrity check, you must check
58the report or email and then modify the tripwire database of the files
59on your system so that tripwire will not continually notify you that
60files you intentionally changed are a security violation. To do this you
61must first <command>ls /var/lib/tripwire/report/</command> and note
62the name of the newest file which starts with <filename>linux-</filename> and
63ends in <filename>.twr</filename>. This encrypted file was created during the
64last report creation and is needed to update the tripwire database of your
65system. Then, type in the following command making the appropriate
66substitutions for '?':</para>
67<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen>
68
69<para>You will be placed into vim with a copy of the report in front of you. If
70all the changes were good, then just type <command>:x</command> and after
71entering your local key, the database will be updated. If there are files which
72you still want to be warned about, please remove the x before the filename in
73the report and type <command>:x</command>. </para>
74
75</sect3>
76
77<sect3><title>Changing the Policy File</title>
78
79<para>If you are unhappy with your policy file and would like to modify it or
80use a new one, modify the policy file and then execute the following
81commands:</para>
82<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
83tripwire -m i</command></userinput></screen>
84
85</sect3>
86
87</sect2>
88
Note: See TracBrowser for help on using the repository browser.