Changeset 1503942 for postlfs/security/tripwire.xml
- Timestamp:
- 05/14/2005 04:46:27 PM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- f39a33c
- Parents:
- d3469f0
- File:
-
- 1 edited
postlfs/security/tripwire.xml
rd3469f0 r1503942 14 14 15 15 <sect1 id="tripwire-portable" xreflabel="Tripwire-&tripwire-version;"> 16 <sect1info> 17 <othername>$LastChangedBy$</othername> 18 <date>$Date$</date> 19 </sect1info> 20 <?dbhtml filename="tripwire.html"?> 21 <title>Tripwire-&tripwire-version;</title> 22 <indexterm zone="tripwire-portable"> 23 <primary sortas="a-Tripwire">Tripwire</primary> 24 </indexterm> 25 26 <sect2> 27 <title>Introduction to <application>Tripwire</application></title> 28 29 <para>The <application>Tripwire</application> package contains programs used 30 to verify the integrity of the files on a given system.</para> 31 32 <sect3><title>Package information</title> 33 <itemizedlist spacing='compact'> 34 <listitem><para>Download (HTTP): <ulink 35 url="&tripwire-download-http;"/></para></listitem> 36 <listitem><para>Download (FTP): <ulink 37 url="&tripwire-download-ftp;"/></para></listitem> 38 <listitem><para>Download MD5 sum: &tripwire-md5sum;</para></listitem> 39 <listitem><para>Download size: &tripwire-size;</para></listitem> 40 <listitem><para>Estimated disk space required: 41 &tripwire-buildsize;</para></listitem> 42 <listitem><para>Estimated build time: 43 &tripwire-time;</para></listitem></itemizedlist> 44 </sect3> 45 46 <sect3><title><application>Tripwire</application> dependencies</title> 47 <sect4><title>Optional</title> 48 <para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para> 49 </sect4> 50 </sect3> 51 52 </sect2> 53 54 <sect2> 55 <title>Installation of <application>Tripwire</application></title> 56 57 <para>Compile <application>Tripwire</application> by running the following 58 commands:</para> 59 60 <screen><userinput><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg && 16 <?dbhtml filename="tripwire.html"?> 17 18 <sect1info> 19 <othername>$LastChangedBy$</othername> 20 <date>$Date$</date> 21 </sect1info> 22 23 <title>Tripwire-&tripwire-version;</title> 24 25 <indexterm zone="tripwire-portable"> 26 <primary 
sortas="a-Tripwire">Tripwire</primary> 27 </indexterm> 28 29 <sect2 role="package"> 30 <title>Introduction to Tripwire</title> 31 32 <para>The <application>Tripwire</application> package contains programs 33 used to verify the integrity of the files on a given system.</para> 34 35 <bridgehead renderas="sect3">Package Information</bridgehead> 36 <itemizedlist spacing="compact"> 37 <listitem> 38 <para>Download (HTTP): <ulink url="&tripwire-download-http;"/></para> 39 </listitem> 40 <listitem> 41 <para>Download (FTP): <ulink url="&tripwire-download-ftp;"/></para> 42 </listitem> 43 <listitem> 44 <para>Download MD5 sum: &tripwire-md5sum;</para> 45 </listitem> 46 <listitem> 47 <para>Download size: &tripwire-size;</para> 48 </listitem> 49 <listitem> 50 <para>Estimated disk space required: &tripwire-buildsize;</para> 51 </listitem> 52 <listitem> 53 <para>Estimated build time: &tripwire-time;</para> 54 </listitem> 55 </itemizedlist> 56 57 <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead> 58 59 <bridgehead renderas="sect4">Optional</bridgehead> 60 <para>MTA (See <xref linkend="server-mail"/>)</para> 61 62 </sect2> 63 64 <sect2 role="installation"> 65 <title>Installation of Tripwire</title> 66 67 <para>Compile <application>Tripwire</application> by running the following 68 commands:</para> 69 70 <screen><userinput>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg && 61 71 ./configure --prefix=/usr --sysconfdir=/etc/tripwire && 62 make</command></userinput></screen> 63 64 <para>Now, as the root user:</para> 65 66 <screen><userinput role='root'><command>make install && 67 cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen> 68 69 <para>The default configuration is to use a local <acronym>MTA</acronym>. 
If 70 you don't have an <acronym>MTA</acronym> installed and have no wish to install 71 one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym> 72 server instead.</para> 73 74 </sect2> 75 76 <sect2> 77 <title>Command explanations</title> 78 79 <para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' 80 install/install.cfg</command>: This command tells the package to install the 81 program database and reports in 82 <filename>/var/lib/tripwire</filename>.</para> 83 84 <para><command>make install</command>: This command creates the 85 <application>Tripwire</application> security keys as well as installing the 86 binaries. There are two keys: a site key and a local key which are stored in 87 <filename class="directory">/etc/tripwire/</filename>.</para> 88 89 <para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command 90 installs the documentation.</para> 91 92 </sect2> 93 94 <sect2> 95 <title>Configuring <application>Tripwire</application></title> 96 97 <sect3 id="tripwire-config"><title>Config files</title> 98 <para><filename>/etc/tripwire/*</filename></para> 99 <indexterm zone="tripwire-portable tripwire-config"> 100 <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary> 101 </indexterm> 102 </sect3> 103 104 <sect3><title>Configuration Information</title> 105 106 <para><application>Tripwire</application> uses a policy file to determine which 107 files are integrity checked. The default policy file 108 (<filename>/etc/tripwire/twpol.txt</filename>) is for a default 109 installation Redhat and will need to be updated for your system.</para> 110 111 <para>Policy files should be tailored to each individual distribution and/or 112 installation. 
Some custom policy files can be found below: </para> 113 114 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> 72 make</userinput></screen> 73 74 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 75 76 <screen role="root"><userinput>make install && 77 cp -v policy/*.txt /usr/share/doc/tripwire</userinput></screen> 78 79 <para>The default configuration is to use a local MTA. If 80 you don't have an MTA installed and have no wish to install 81 one, modify <filename>install.cfg</filename> to use an SMTP 82 server instead.</para> 83 84 </sect2> 85 86 <sect2 role="commands"> 87 <title>Command Explanations</title> 88 89 <para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' 90 install/install.cfg</command>: This command tells the package to install 91 the program database and reports in 92 <filename class="directory">/var/lib/tripwire</filename>.</para> 93 94 <para><command>make install</command>: This command creates the 95 <application>Tripwire</application> security keys as well as installing 96 the binaries. There are two keys: a site key and a local key which are 97 stored in <filename class="directory">/etc/tripwire/</filename>.</para> 98 99 <para><command>cp -v policy/*.txt /usr/share/doc/tripwire</command>: This 100 command installs the documentation.</para> 101 102 </sect2> 103 104 <sect2 role="configuration"> 105 <title>Configuring Tripwire</title> 106 107 <sect3 id="tripwire-config"> 108 <title>Config Files</title> 109 110 <para><filename>/etc/tripwire/*</filename></para> 111 112 <indexterm zone="tripwire-portable tripwire-config"> 113 <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary> 114 </indexterm> 115 116 </sect3> 117 118 <sect3> 119 <title>Configuration Information</title> 120 121 <para><application>Tripwire</application> uses a policy file to 122 determine which files are integrity checked. 
The default policy 123 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a 124 default installation Redhat and will need to be updated for your 125 system.</para> 126 127 <para>Policy files should be tailored to each individual distribution 128 and/or installation. Some custom policy files can be found below:</para> 129 130 <literallayout><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> 115 131 Checks integrity of all files 116 132 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/> 117 133 Custom policy file for Base LFS 3.0 system 118 134 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/> 119 Custom policy file for SuSE 7.2 system</screen> 120 121 <para>Download the custom policy file you'd like to try, copy it into 122 <filename class="directory">/etc/tripwire/</filename>, and use it instead of 123 <filename>twpol.txt</filename>. It is, however, recommended that you make 124 your own policy file. Get ideas from the examples above and read 125 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional 126 information. <filename>twpol.txt</filename> is a good policy file for beginners 127 as it will note any changes to the file system and can even be used as an 128 annoying way of keeping track of changes for uninstallation of software.</para> 129 130 <para>After your policy file has been transferred to 131 <filename class="directory">/etc/tripwire/</filename> you may begin the 132 configuration steps:</para> 133 134 <screen><userinput role='root'><command>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ 135 Custom policy file for SuSE 7.2 system</literallayout> 136 137 <para>Download the custom policy file you'd like to try, copy it into 138 <filename class="directory">/etc/tripwire/</filename>, and use it instead 139 of <filename>twpol.txt</filename>. It is, however, recommended that you 140 make your own policy file. 
Get ideas from the examples above and read 141 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for 142 additional information. <filename>twpol.txt</filename> is a good policy 143 file for beginners as it will note any changes to the file system and can 144 even be used as an annoying way of keeping track of changes for 145 uninstallation of software.</para> 146 147 <para>After your policy file has been transferred to 148 <filename class="directory">/etc/tripwire/</filename> you may begin 149 the configuration steps:</para> 150 151 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ 135 152 /etc/tripwire/twpol.txt && 136 tripwire --init</command></userinput></screen> 137 138 </sect3> 139 140 <sect3><title>Usage Information</title> 141 <para>To use <application>Tripwire</application> after creating a policy file 142 to run a report, use the following command:</para> 143 144 <screen><userinput role='root'><command>tripwire --check > /etc/tripwire/report.txt</command></userinput></screen> 145 146 <para>View the output to check the integrity of your files. An automatic 147 integrity report can be produced by using a cron facility to schedule 148 the runs.</para> 149 150 <para>Please note that after you run an integrity check, you must examine 151 the report (or email) and then modify the <application>Tripwire</application> 152 database to reflect the changed files on your system. This is so that 153 <application>Tripwire</application> will not continually notify you that 154 files you intentionally changed are a security violation. To do this you 155 must first <command>ls -l /var/lib/tripwire/report/</command> and note 156 the name of the newest file which starts with <filename>linux-</filename> and 157 ends in <filename>.twr</filename>. This encrypted file was created during the 158 last report creation and is needed to update the 159 <application>Tripwire</application> database of your 160 system. 
Then, type in the following command making the appropriate 161 substitutions for <replaceable>[?]</replaceable>:</para> 162 163 <screen><userinput role='root'><command>tripwire --update -twrfile \ 164 /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen> 165 166 <para>You will be placed into <application>vim</application> with a copy of 167 the report in front of you. If all the changes were good, then just type 168 <command>:x</command> and after entering your local key, the database will be 169 updated. If there are files which you still want to be warned about, remove the 170 'x' before the filename in the report and type <command>:x</command>.</para> 171 172 </sect3> 173 174 <sect3><title>Changing the Policy File</title> 175 176 <para>If you are unhappy with your policy file and would like to modify it or 177 use a new one, modify the policy file and then execute the following 178 commands:</para> 179 180 <screen><userinput role='root'><command>twadmin --create-polfile /etc/tripwire/twpol.txt && 181 tripwire --init</command></userinput></screen> 182 </sect3> 183 184 </sect2> 185 186 <sect2> 187 <title>Contents</title> 188 <segmentedlist> 189 <segtitle>Installed Programs</segtitle> 190 <segtitle>Installed Libraries</segtitle> 191 <segtitle>Installed Directories</segtitle> 192 <seglistitem> 193 <seg>siggen, tripwire, twadmin and twprint.</seg> 194 <seg>None</seg> 195 <seg>/etc/tripwire, /usr/share/doc/tripwire and /var/lib/tripwire</seg> 196 </seglistitem> 197 </segmentedlist> 198 199 <variablelist> 200 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 201 <?dbfo list-presentation="list"?> 202 203 <varlistentry id="siggen"> 204 <term><command>siggen</command></term> 205 <listitem><para>is a signature gathering utility that displays 206 the hash function values for the specified files.</para> 207 <indexterm zone="tripwire-portable siggen"> 208 <primary 
sortas="b-siggen">siggen</primary> 209 </indexterm> 210 </listitem> 211 </varlistentry> 212 213 <varlistentry id='tripwire'> 214 <term><command>tripwire</command></term> 215 <listitem><para>is the main file integrity checking program.</para> 216 <indexterm zone="tripwire-portable tripwire"> 217 <primary sortas="b-tripwire">tripwire</primary> 218 </indexterm> 219 </listitem> 220 </varlistentry> 221 222 <varlistentry id='twadmin'> 223 <term><command>twadmin</command></term> 224 <listitem><para>administrative and utility tool used to perform 225 certain administrative functions related to 226 <application>Tripwire</application> files and configuration 227 options.</para> 228 <indexterm zone="tripwire-portable twadmin"> 229 <primary sortas="b-twadmin">twadmin</primary> 230 </indexterm> 231 </listitem> 232 </varlistentry> 233 234 <varlistentry id='twprint'> 235 <term><command>twprint</command></term> 236 <listitem><para>prints <application>Tripwire</application> 237 database and report files in clear text format.</para> 238 <indexterm zone="tripwire-portable twprint"> 239 <primary sortas="b-twprint">twprint</primary> 240 </indexterm> 241 </listitem> 242 </varlistentry> 243 </variablelist> 244 245 </sect2> 153 tripwire --init</userinput></screen> 154 155 </sect3> 156 157 <sect3> 158 <title>Usage Information</title> 159 160 <para>To use <application>Tripwire</application> after creating a policy 161 file to run a report, use the following command:</para> 162 163 <screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen> 164 165 <para>View the output to check the integrity of your files. An automatic 166 integrity report can be produced by using a cron facility to schedule 167 the runs.</para> 168 169 <para>Please note that after you run an integrity check, you must 170 examine the report (or email) and then modify the 171 <application>Tripwire</application> database to reflect the changed 172 files on your system. 
This is so that <application>Tripwire</application> 173 will not continually notify you that files you intentionally changed are 174 a security violation. To do this you must first <command>ls -l 175 /var/lib/tripwire/report/</command> and note the name of the newest file 176 which starts with <filename>linux-</filename> and ends in 177 <filename>.twr</filename>. This encrypted file was created during the 178 last report creation and is needed to update the 179 <application>Tripwire</application> database of your system. Then, type 180 in the following command making the appropriate substitutions for 181 <replaceable>[?]</replaceable>:</para> 182 183 <screen role="root"><userinput>tripwire --update -twrfile \ 184 /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</userinput></screen> 185 186 <para>You will be placed into <application>vim</application> with a copy 187 of the report in front of you. If all the changes were good, then just 188 type <command>:x</command> and after entering your local key, the database 189 will be updated. 
If there are files which you still want to be warned 190 about, remove the 'x' before the filename in the report and type 191 <command>:x</command>.</para> 192 193 </sect3> 194 195 <sect3> 196 <title>Changing the Policy File</title> 197 198 <para>If you are unhappy with your policy file and would like to modify 199 it or use a new one, modify the policy file and then execute the following 200 commands:</para> 201 202 <screen role="root"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt && 203 tripwire --init</userinput></screen> 204 205 </sect3> 206 207 </sect2> 208 209 <sect2 role="content"> 210 <title>Contents</title> 211 212 <segmentedlist> 213 <segtitle>Installed Programs</segtitle> 214 <segtitle>Installed Libraries</segtitle> 215 <segtitle>Installed Directories</segtitle> 216 217 <seglistitem> 218 <seg>siggen, tripwire, twadmin, and twprint.</seg> 219 <seg>None</seg> 220 <seg>/etc/tripwire, /usr/share/doc/tripwire, and /var/lib/tripwire</seg> 221 </seglistitem> 222 </segmentedlist> 223 224 <variablelist> 225 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 226 <?dbfo list-presentation="list"?> 227 <?dbhtml list-presentation="table"?> 228 229 <varlistentry id="siggen"> 230 <term><command>siggen</command></term> 231 <listitem> 232 <para>is a signature gathering utility that displays 233 the hash function values for the specified files.</para> 234 <indexterm zone="tripwire-portable siggen"> 235 <primary sortas="b-siggen">siggen</primary> 236 </indexterm> 237 </listitem> 238 </varlistentry> 239 240 <varlistentry id='tripwire'> 241 <term><command>tripwire</command></term> 242 <listitem> 243 <para>is the main file integrity checking program.</para> 244 <indexterm zone="tripwire-portable tripwire"> 245 <primary sortas="b-tripwire">tripwire</primary> 246 </indexterm> 247 </listitem> 248 </varlistentry> 249 250 <varlistentry id='twadmin'> 251 <term><command>twadmin</command></term> 252 <listitem> 253 <para>administrative and utility tool used to 
perform 254 certain administrative functions related to 255 <application>Tripwire</application> files and configuration 256 options.</para> 257 <indexterm zone="tripwire-portable twadmin"> 258 <primary sortas="b-twadmin">twadmin</primary> 259 </indexterm> 260 </listitem> 261 </varlistentry> 262 263 <varlistentry id='twprint'> 264 <term><command>twprint</command></term> 265 <listitem> 266 <para>prints <application>Tripwire</application> 267 database and report files in clear text format.</para> 268 <indexterm zone="tripwire-portable twprint"> 269 <primary sortas="b-twprint">twprint</primary> 270 </indexterm> 271 </listitem> 272 </varlistentry> 273 274 </variablelist> 275 276 </sect2> 246 277 247 278 </sect1> 248
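Review bot: In Configuration Information, the three sample policy files are linked over plain HTTP from home.iprimus.com.au, and the following paragraph tells the reader to copy one into /etc/tripwire/ and use it instead of twpol.txt, with no checksum given. The policy decides which files are integrity checked, so add a sentence asking the reader to read through the downloaded file before running twadmin --create-polfile, or list sums next to the links as the Package Information list does for the tarball.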
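Review bot: In Usage Information, `tripwire --check > /etc/tripwire/report.txt` writes a plain-text report into the directory that holds the site and local keys, while Command Explanations says the sed edit places the database and reports under /var/lib/tripwire. Consider redirecting to a path under /var/lib/tripwire instead, so the key and configuration directory is not modified on every check run.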
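Review bot: In Usage Information, the update command is carried over as `tripwire --update -twrfile \` with a single dash on the long option. The documented long form is `--twrfile` (short form `-r`), so the line should read `tripwire --update --twrfile \`. This screen is being rewrapped by the patch anyway, so it is a good place to fix it.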
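Review bot: In Changing the Policy File, `twadmin --create-polfile /etc/tripwire/twpol.txt` omits the `--site-keyfile /etc/tripwire/site.key` argument that the same command carries in Configuration Information. Use the same invocation in both screens, or add a sentence saying why the key file argument can be left out when regenerating the policy.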
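Review bot: Wording and quoting leftovers remain in text this patch reflows. In Configuration Information, "is for a default installation Redhat" is missing "of". In Short Descriptions, the twadmin entry begins "administrative and utility tool" while the siggen and tripwire entries begin with "is", so the rendered list reads unevenly. The varlistentry ids for tripwire, twadmin and twprint also keep single quotes (`id='tripwire'`) although the patch changes `spacing='compact'` to double quotes elsewhere.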