Context Navigation

-              r914049f6
+              r47274444
     <title>Introduction to Tripwire</title>
+    <para>The <application>Tripwire</application> package contains programs
+    used to verify the integrity of the files on a given system.</para>
+    <para>
+      The <application>Tripwire</application> package contains programs
+      used to verify the integrity of the files on a given system.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&tripwire-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&tripwire-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &tripwire-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &tripwire-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &tripwire-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &tripwire-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&tripwire-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&tripwire-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &tripwire-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &tripwire-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &tripwire-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &tripwire-time;
+        </para>
       </listitem>
     </itemizedlist>
+<!--
+    <note>
+      <para>
+        The <application>tripwire</application> source tarball shown above
+        downloads with the correct name, tripwire-open-source-&tripwire-version;.tar.gz,
+        if using a browser such as Firefox. If you prefer to use a command line
+        program such as wget, you normally would obtain
+        &tripwire-version;.tar.gz. To obtain this package with the proper
+        filename, run:
+<screen><userinput>wget -c https://github.com/Tripwire/tripwire-open-source/archive/&tripwire-version;.tar.gz \
+     -O tripwire-open-source-&tripwire-version;.tar.gz</userinput></screen>.
+      </para>
+    </note>
+-->
     <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
 <!--
     <bridgehead renderas="sect4">Recommended</bridgehead>
+    <para role="recommended"><xref linkend="openssl"/></para>
+    <para role="recommended">
+      <xref linkend="openssl"/>
+    </para>
 -->
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional">An <xref linkend="server-mail"/></para>
+    <para role="optional">
+      An <xref linkend="server-mail"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of Tripwire</title>
+    <para>Compile <application>Tripwire</application> by running the following
+    commands:</para>
+    <para>
+      Compile <application>Tripwire</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -e '/^CLOBBER/s/false/true/'         \
 …
 make</userinput></screen>
+    <note><para>The default configuration is to use a local MTA. If
+    you don't have an MTA installed and have no wish to install
+    one, modify <filename>install/install.cfg</filename> to use an SMTP
+    server instead.  Otherwise the install will fail.</para></note>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <note>
+      <para>
+        The default configuration is to use a local MTA. If
+        you don't have an MTA installed and have no wish to install
+        one, modify <filename>install/install.cfg</filename> to use an SMTP
+        server instead.  Otherwise the install will fail.
+      </para>
+    </note>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 …
       <title>Config Files</title>
+      <para><filename>/etc/tripwire/*</filename></para>
+      <para>
+        <filename>/etc/tripwire/*</filename>
+      </para>
       <indexterm zone="tripwire tripwire-config">
 …
       <title>Configuration Information</title>
+      <para><application>Tripwire</application> uses a policy file to
+      determine which files are integrity checked. The default policy
+      file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
+      default installation and will need to be updated for your
+      system.</para>
+      <para>Policy files should be tailored to each individual distribution
+      and/or installation. Some example policy files can be found in <filename
+      class="directory">/usr/share/doc/tripwire/</filename>.</para>
+      <para>If desired, copy the policy file you'd like to try into <filename
+      class="directory">/etc/tripwire/</filename> instead of using the default
+      policy file, <filename>twpol.txt</filename>.  It is, however, recommended
+      that you edit your policy file. Get ideas from the examples above and
+      read <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
+      additional information. <filename>twpol.txt</filename> is a good policy
+      file for learning about <application>Tripwire</application> as it will
+      note any changes to the file system and can even be used as an annoying
+      way of keeping track of changes for uninstallation of software.</para>
+      <para>After your policy file has been edited to your satisfaction you may
+      begin the configuration steps (perform as the <systemitem
+      class='username'>root</systemitem>) user:</para>
+      <para>
+        <application>Tripwire</application> uses a policy file to
+        determine which files are integrity checked. The default policy
+        file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
+        default installation and will need to be updated for your
+        system.
+      </para>
+      <para>
+        Policy files should be tailored to each individual distribution and/or
+        installation. Some example policy files can be found in <filename
+        class="directory">/usr/share/doc/tripwire/</filename>.
+      </para>
+      <para>
+        If desired, copy the policy file you'd like to try into <filename
+        class="directory">/etc/tripwire/</filename> instead of using the
+        default policy file, <filename>twpol.txt</filename>.  It is, however,
+        recommended that you edit your policy file. Get ideas from the
+        examples above and read
+        <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
+        additional information. <filename>twpol.txt</filename> is a good
+        policy file for learning about <application>Tripwire</application>
+        as it will note any changes to the file system and can even be used
+        as an annoying way of keeping track of changes for uninstallation of
+        software.
+      </para>
+      <para>
+        After your policy file has been edited to your satisfaction you may
+        begin the configuration steps (perform as the <systemitem
+        class='username'>root</systemitem>) user:
+      </para>
 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
 …
 tripwire --init</userinput></screen>
+    <para>Depending on your system and the contents of the policy file, the
+    initialization phase above can take a relatively long time.</para>
+      <para>
+        Depending on your system and the contents of the policy file, the
+        initialization phase above can take a relatively long time.
+      </para>
     </sect3>
 …
       <title>Usage Information</title>
+      <para><application>Tripwire</application> will identify file changes in
+      the critical system files specified in the policy file.  Using
+      <application>Tripwire</application> while making frequent changes to
+      these directories will flag all these changes.  It is most useful after a
+      system has reached a configuration that the user considers stable.</para>
+      <para>To use <application>Tripwire</application> after creating a policy
+      file to run a report, use the following command:</para>
+      <para>
+        <application>Tripwire</application> will identify file changes in
+        the critical system files specified in the policy file.  Using
+        <application>Tripwire</application> while making frequent changes to
+        these directories will flag all these changes.  It is most useful
+        after a system has reached a configuration that the user considers
+        stable.
+      </para>
+      <para>
+        To use <application>Tripwire</application> after creating a policy
+        file to run a report, use the following command:
+      </para>
 <screen role="root"><userinput>tripwire --check &gt; /etc/tripwire/report.txt</userinput></screen>
+      <para>View the output to check the integrity of your files. An automatic
+      integrity report can be produced by using a cron facility to schedule the
+      runs.</para>
+      <para>Reports are stored in binary and, if desired, encrypted.  View reports,
+      as the <systemitem class="username">root</systemitem> user, with:</para>
+<screen role="root"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>After you run an integrity check, you should examine the
+      report (or email) and then modify the <application>Tripwire</application>
+      database to reflect the changed files on your system. This is so that
+      <application>Tripwire</application> will not continually notify you that
+      files you intentionally changed are a security violation. To do this you
+      must first <command>ls -l /var/lib/tripwire/report/</command> and note
+      the name of the newest file which starts with your system name as
+      presented by the command <userinput>uname -n</userinput>
+      and ends in <filename>.twr</filename>. These files were created
+      during report creation and the most current one is needed to update the
+      <application>Tripwire</application> database of your system. As the
+      <systemitem class='username'>root</systemitem> user, type in the
+      following command making the appropriate report name:</para>
+<screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>You will be placed into <application>Vim</application> with a copy
+      of the report in front of you. If all the changes were good, then just
+      type <command>:wq</command> and after entering your local key, the database
+      will be updated. If there are files which you still want to be warned
+      about, remove the 'x' before the filename in the report and type
+      <command>:wq</command>.</para>
+     <!-- 10-12-2013 bad URL and no good URL found
+      <para>A good summary of tripwire operations can be found at
+      <ulink url="http://va-holladays.no-ip.info:2200/tools/security-docs/tripwire-v1.0.pdf"/>.</para>
+     -->
+      <para>
+        View the output to check the integrity of your files. An automatic
+        integrity report can be produced by using a cron facility to schedule
+        the runs.
+      </para>
+      <para>
+        Reports are stored in binary and, if desired, encrypted.  View reports,
+        as the <systemitem class="username">root</systemitem> user, with:
+      </para>
+<screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>
+        After you run an integrity check, you should examine the report (or
+        email) and then modify the <application>Tripwire</application> database
+        to reflect the changed files on your system. This is so that
+        <application>Tripwire</application> will not continually notify you
+        hat files you intentionally changed are a security violation. To do
+        this you must first <command>ls -l /var/lib/tripwire/report/</command>
+        and note the name of the newest file which starts with your system
+        name as presented by the command <userinput>uname -n</userinput> and
+        ends in <filename>.twr</filename>. These files were created during
+        report creation and the most current one is needed to update the
+        <application>Tripwire</application> database of your system. As the
+        <systemitem class='username'>root</systemitem> user, type in the
+        following command making the appropriate report name:
+      </para>
+<screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>
+        You will be placed into <application>Vim</application> with a copy
+        of the report in front of you. If all the changes were good, then just
+        type <command>:wq</command> and after entering your local key, the
+        database will be updated. If there are files which you still want to
+        be warned about, remove the 'x' before the filename in the report and
+        type <command>:wq</command>.
+      </para>
     </sect3>
 …
       <title>Changing the Policy File</title>
+      <para>If you are unhappy with your policy file and would like to modify
+      it or use a new one, modify the policy file and then execute the following
+      commands as the <systemitem class='username'>root</systemitem> user:</para>
+<screen role="root"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
+      <para>
+        If you are unhappy with your policy file and would like to modify it
+        or use a new one, modify the policy file and then execute the following
+        commands as the <systemitem class='username'>root</systemitem> user:
+      </para>
+<screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
 tripwire --init</userinput></screen>
 …
         <term><command>siggen</command></term>
         <listitem>
+          <para>is a signature gathering utility that displays
+          the hash function values for the specified files.</para>
+          <para>
+            is a signature gathering utility that displays
+            the hash function values for the specified files.
+          </para>
           <indexterm zone="tripwire siggen">
             <primary sortas="b-siggen">siggen</primary>
 …
         <term><command>tripwire</command></term>
         <listitem>
+          <para>is the main file integrity checking program.</para>
+          <para>
+            is the main file integrity checking program.
+          </para>
           <indexterm zone="tripwire tripwire">
             <primary sortas="b-tripwire">tripwire</primary>
 …
         <term><command>twadmin</command></term>
         <listitem>
+          <para>administrative and utility tool used to perform
+          certain administrative functions related to
+          <application>Tripwire</application> files and configuration
+          options.</para>
+          <para>
+            administrative and utility tool used to perform
+            certain administrative functions related to
+            <application>Tripwire</application> files and configuration
+            options.
+          </para>
           <indexterm zone="tripwire twadmin">
             <primary sortas="b-twadmin">twadmin</primary>
 …
         <term><command>twprint</command></term>
         <listitem>
+          <para>prints <application>Tripwire</application>
+          database and report files in clear text format.</para>
+          <para>
+            prints <application>Tripwire</application>
+            database and report files in clear text format.
+          </para>
           <indexterm zone="tripwire twprint">
             <primary sortas="b-twprint">twprint</primary>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 47274444 for postlfs/security/tripwire.xml

Legend:

postlfs/security/tripwire.xml

Download in other formats: