Context Navigation

-              rd3469f0
+              r1503942
 <sect1 id="tripwire-portable" xreflabel="Tripwire-&tripwire-version;">
+<sect1info>
+<othername>$LastChangedBy$</othername>
+<date>$Date$</date>
+</sect1info>
+<?dbhtml filename="tripwire.html"?>
+<title>Tripwire-&tripwire-version;</title>
+<indexterm zone="tripwire-portable">
+<primary sortas="a-Tripwire">Tripwire</primary>
+</indexterm>
+<sect2>
+<title>Introduction to <application>Tripwire</application></title>
+<para>The <application>Tripwire</application> package contains programs used
+to verify the integrity of the files on a given system.</para>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink
+url="&tripwire-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink
+url="&tripwire-download-ftp;"/></para></listitem>
+<listitem><para>Download MD5 sum: &tripwire-md5sum;</para></listitem>
+<listitem><para>Download size: &tripwire-size;</para></listitem>
+<listitem><para>Estimated disk space required:
+&tripwire-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&tripwire-time;</para></listitem></itemizedlist>
+</sect3>
+<sect3><title><application>Tripwire</application> dependencies</title>
+<sect4><title>Optional</title>
+<para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para>
+</sect4>
+</sect3>
+</sect2>
+<sect2>
+<title>Installation of <application>Tripwire</application></title>
+<para>Compile <application>Tripwire</application> by running the following
+commands:</para>
+<screen><userinput><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg &amp;&amp;
+  <?dbhtml filename="tripwire.html"?>
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+  <title>Tripwire-&tripwire-version;</title>
+  <indexterm zone="tripwire-portable">
+    <primary sortas="a-Tripwire">Tripwire</primary>
+  </indexterm>
+  <sect2 role="package">
+    <title>Introduction to Tripwire</title>
+    <para>The <application>Tripwire</application> package contains programs
+    used to verify the integrity of the files on a given system.</para>
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&tripwire-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&tripwire-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &tripwire-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &tripwire-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &tripwire-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &tripwire-time;</para>
+      </listitem>
+    </itemizedlist>
+    <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para>MTA (See <xref linkend="server-mail"/>)</para>
+  </sect2>
+  <sect2 role="installation">
+    <title>Installation of Tripwire</title>
+    <para>Compile <application>Tripwire</application> by running the following
+    commands:</para>
+<screen><userinput>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg &amp;&amp;
 ./configure --prefix=/usr --sysconfdir=/etc/tripwire &amp;&amp;
+make</command></userinput></screen>
+<para>Now, as the root user:</para>
+<screen><userinput role='root'><command>make install &amp;&amp;
+cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>
+<para>The default configuration is to use a local <acronym>MTA</acronym>. If
+you don't have an <acronym>MTA</acronym> installed and have no wish to install
+one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym>
+server instead.</para>
+</sect2>
+<sect2>
+<title>Command explanations</title>
+<para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@'
+install/install.cfg</command>: This command tells the package to install the
+program database and reports in
+<filename>/var/lib/tripwire</filename>.</para>
+<para><command>make install</command>: This command creates the
+<application>Tripwire</application> security keys as well as installing the
+binaries. There are two keys: a site key and a local key which are stored in
+<filename class="directory">/etc/tripwire/</filename>.</para>
+<para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command
+installs the documentation.</para>
+</sect2>
+<sect2>
+<title>Configuring <application>Tripwire</application></title>
+<sect3 id="tripwire-config"><title>Config files</title>
+<para><filename>/etc/tripwire/*</filename></para>
+<indexterm zone="tripwire-portable tripwire-config">
+<primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
+</indexterm>
+</sect3>
+<sect3><title>Configuration Information</title>
+<para><application>Tripwire</application> uses a policy file to determine which
+files are integrity checked. The default policy file
+(<filename>/etc/tripwire/twpol.txt</filename>) is for a default
+installation Redhat and will need to be updated for your system.</para>
+<para>Policy files should be tailored to each individual distribution and/or
+installation. Some custom policy files can be found below: </para>
+<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
+make</userinput></screen>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+<screen role="root"><userinput>make install &amp;&amp;
+cp -v policy/*.txt /usr/share/doc/tripwire</userinput></screen>
+    <para>The default configuration is to use a local MTA. If
+    you don't have an MTA installed and have no wish to install
+    one, modify <filename>install.cfg</filename> to use an SMTP
+    server instead.</para>
+  </sect2>
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+    <para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@'
+    install/install.cfg</command>: This command tells the package to install
+    the program database and reports in
+    <filename class="directory">/var/lib/tripwire</filename>.</para>
+    <para><command>make install</command>: This command creates the
+    <application>Tripwire</application> security keys as well as installing
+    the binaries. There are two keys: a site key and a local key which are
+    stored in <filename class="directory">/etc/tripwire/</filename>.</para>
+    <para><command>cp -v policy/*.txt /usr/share/doc/tripwire</command>: This
+    command installs the documentation.</para>
+  </sect2>
+  <sect2 role="configuration">
+    <title>Configuring Tripwire</title>
+    <sect3 id="tripwire-config">
+      <title>Config Files</title>
+      <para><filename>/etc/tripwire/*</filename></para>
+      <indexterm zone="tripwire-portable tripwire-config">
+        <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
+      </indexterm>
+    </sect3>
+    <sect3>
+      <title>Configuration Information</title>
+      <para><application>Tripwire</application> uses a policy file to
+      determine which files are integrity checked. The default policy
+      file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
+      default installation Redhat and will need to be updated for your
+      system.</para>
+      <para>Policy files should be tailored to each individual distribution
+      and/or installation. Some custom policy files can be found below:</para>
+<literallayout><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
 Checks integrity of all files
 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/>
 Custom policy file for Base LFS 3.0 system
 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/>
+Custom policy file for SuSE 7.2 system</screen>
+<para>Download the custom policy file you'd like to try, copy it into
+<filename class="directory">/etc/tripwire/</filename>, and use it instead of
+<filename>twpol.txt</filename>. It is, however, recommended that you make
+your own policy file. Get ideas from the examples above and read
+<filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional
+information. <filename>twpol.txt</filename> is a good policy file for beginners
+as it will note any changes to the file system and can even be used as an
+annoying way of keeping track of changes for uninstallation of software.</para>
+<para>After your policy file has been transferred to
+<filename class="directory">/etc/tripwire/</filename> you may begin the
+configuration steps:</para>
+<screen><userinput role='root'><command>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
+Custom policy file for SuSE 7.2 system</literallayout>
+      <para>Download the custom policy file you'd like to try, copy it into
+      <filename class="directory">/etc/tripwire/</filename>, and use it instead
+      of <filename>twpol.txt</filename>. It is, however, recommended that you
+      make your own policy file. Get ideas from the examples above and read
+      <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
+      additional information. <filename>twpol.txt</filename> is a good policy
+      file for beginners as it will note any changes to the file system and can
+      even be used as an annoying way of keeping track of changes for
+      uninstallation of software.</para>
+      <para>After your policy file has been transferred to
+      <filename class="directory">/etc/tripwire/</filename> you may begin
+      the configuration steps:</para>
+<screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
     /etc/tripwire/twpol.txt &amp;&amp;
+tripwire --init</command></userinput></screen>
+</sect3>
+<sect3><title>Usage Information</title>
+<para>To use <application>Tripwire</application> after creating a policy file
+to run a report, use the following command:</para>
+<screen><userinput role='root'><command>tripwire --check &gt; /etc/tripwire/report.txt</command></userinput></screen>
+<para>View the output to check the integrity of your files. An automatic
+integrity report can be produced by using a cron facility to schedule
+the runs.</para>
+<para>Please note that after you run an integrity check, you must examine
+the report (or email) and then modify the <application>Tripwire</application>
+database to reflect the changed files on your system. This is so that
+<application>Tripwire</application> will not continually notify you that
+files you intentionally changed are a security violation. To do this you
+must first <command>ls -l /var/lib/tripwire/report/</command> and note
+the name of the newest file which starts with <filename>linux-</filename> and
+ends in <filename>.twr</filename>. This encrypted file was created during the
+last report creation and is needed to update the
+<application>Tripwire</application> database of your
+system. Then, type in the following command making the appropriate
+substitutions for <replaceable>[?]</replaceable>:</para>
+<screen><userinput role='root'><command>tripwire --update -twrfile \
+    /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen>
+<para>You will be placed into <application>vim</application> with a copy of
+the report in front of you. If all the changes were good, then just type
+<command>:x</command> and after entering your local key, the database will be
+updated. If there are files which you still want to be warned about, remove the
+'x' before the filename in the report and type <command>:x</command>.</para>
+</sect3>
+<sect3><title>Changing the Policy File</title>
+<para>If you are unhappy with your policy file and would like to modify it or
+use a new one, modify the policy file and then execute the following
+commands:</para>
+<screen><userinput role='root'><command>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
+tripwire --init</command></userinput></screen>
+</sect3>
+</sect2>
+<sect2>
+<title>Contents</title>
+<segmentedlist>
+  <segtitle>Installed Programs</segtitle>
+  <segtitle>Installed Libraries</segtitle>
+  <segtitle>Installed Directories</segtitle>
+  <seglistitem>
+    <seg>siggen, tripwire, twadmin and twprint.</seg>
+    <seg>None</seg>
+    <seg>/etc/tripwire, /usr/share/doc/tripwire and /var/lib/tripwire</seg>
+  </seglistitem>
+</segmentedlist>
+<variablelist>
+  <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+  <?dbfo list-presentation="list"?>
+  <varlistentry id="siggen">
+    <term><command>siggen</command></term>
+    <listitem><para>is a signature gathering utility that displays
+      the hash function values for the specified files.</para>
+    <indexterm zone="tripwire-portable siggen">
+      <primary sortas="b-siggen">siggen</primary>
+    </indexterm>
+    </listitem>
+  </varlistentry>
+  <varlistentry id='tripwire'>
+    <term><command>tripwire</command></term>
+    <listitem><para>is the main file integrity checking program.</para>
+    <indexterm zone="tripwire-portable tripwire">
+      <primary sortas="b-tripwire">tripwire</primary>
+    </indexterm>
+    </listitem>
+  </varlistentry>
+  <varlistentry id='twadmin'>
+    <term><command>twadmin</command></term>
+    <listitem><para>administrative and utility tool used to perform
+      certain administrative functions related to
+      <application>Tripwire</application> files and configuration
+        options.</para>
+    <indexterm zone="tripwire-portable twadmin">
+      <primary sortas="b-twadmin">twadmin</primary>
+    </indexterm>
+    </listitem>
+  </varlistentry>
+  <varlistentry id='twprint'>
+    <term><command>twprint</command></term>
+    <listitem><para>prints <application>Tripwire</application>
+      database and report files in clear text format.</para>
+    <indexterm zone="tripwire-portable twprint">
+      <primary sortas="b-twprint">twprint</primary>
+    </indexterm>
+    </listitem>
+  </varlistentry>
+</variablelist>
+</sect2>
+tripwire --init</userinput></screen>
+    </sect3>
+    <sect3>
+      <title>Usage Information</title>
+      <para>To use <application>Tripwire</application> after creating a policy
+      file to run a report, use the following command:</para>
+<screen role="root"><userinput>tripwire --check &gt; /etc/tripwire/report.txt</userinput></screen>
+      <para>View the output to check the integrity of your files. An automatic
+      integrity report can be produced by using a cron facility to schedule
+      the runs.</para>
+      <para>Please note that after you run an integrity check, you must
+      examine the report (or email) and then modify the
+      <application>Tripwire</application> database to reflect the changed
+      files on your system. This is so that <application>Tripwire</application>
+      will not continually notify you that files you intentionally changed are
+      a security violation. To do this you must first <command>ls -l
+      /var/lib/tripwire/report/</command> and note the name of the newest file
+      which starts with <filename>linux-</filename> and ends in
+      <filename>.twr</filename>. This encrypted file was created during the
+      last report creation and is needed to update the
+      <application>Tripwire</application> database of your system. Then, type
+      in the following command making the appropriate substitutions for
+      <replaceable>[?]</replaceable>:</para>
+<screen role="root"><userinput>tripwire --update -twrfile \
+    /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</userinput></screen>
+      <para>You will be placed into <application>vim</application> with a copy
+      of the report in front of you. If all the changes were good, then just
+      type <command>:x</command> and after entering your local key, the database
+      will be updated. If there are files which you still want to be warned
+      about, remove the 'x' before the filename in the report and type
+      <command>:x</command>.</para>
+    </sect3>
+    <sect3>
+      <title>Changing the Policy File</title>
+      <para>If you are unhappy with your policy file and would like to modify
+      it or use a new one, modify the policy file and then execute the following
+      commands:</para>
+<screen role="root"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
+tripwire --init</userinput></screen>
+    </sect3>
+  </sect2>
+  <sect2 role="content">
+    <title>Contents</title>
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Directories</segtitle>
+      <seglistitem>
+        <seg>siggen, tripwire, twadmin, and twprint.</seg>
+        <seg>None</seg>
+        <seg>/etc/tripwire, /usr/share/doc/tripwire, and /var/lib/tripwire</seg>
+      </seglistitem>
+    </segmentedlist>
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+      <varlistentry id="siggen">
+        <term><command>siggen</command></term>
+        <listitem>
+          <para>is a signature gathering utility that displays
+          the hash function values for the specified files.</para>
+          <indexterm zone="tripwire-portable siggen">
+            <primary sortas="b-siggen">siggen</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id='tripwire'>
+        <term><command>tripwire</command></term>
+        <listitem>
+          <para>is the main file integrity checking program.</para>
+          <indexterm zone="tripwire-portable tripwire">
+            <primary sortas="b-tripwire">tripwire</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id='twadmin'>
+        <term><command>twadmin</command></term>
+        <listitem>
+          <para>administrative and utility tool used to perform
+          certain administrative functions related to
+          <application>Tripwire</application> files and configuration
+          options.</para>
+          <indexterm zone="tripwire-portable twadmin">
+            <primary sortas="b-twadmin">twadmin</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id='twprint'>
+        <term><command>twprint</command></term>
+        <listitem>
+          <para>prints <application>Tripwire</application>
+          database and report files in clear text format.</para>
+          <indexterm zone="tripwire-portable twprint">
+            <primary sortas="b-twprint">twprint</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1503942 for postlfs/security/tripwire.xml

Legend:

postlfs/security/tripwire.xml

Download in other formats: