Changeset 47274444 for postlfs/security/tripwire.xml
- Timestamp:
- 03/24/2020 07:19:44 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fa3edfef
- Parents:
- 914049f6
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/tripwire.xml
r914049f6 r47274444 30 30 <title>Introduction to Tripwire</title> 31 31 32 <para>The <application>Tripwire</application> package contains programs 33 used to verify the integrity of the files on a given system.</para> 32 <para> 33 The <application>Tripwire</application> package contains programs 34 used to verify the integrity of the files on a given system. 35 </para> 34 36 35 37 &lfs91_checked; … … 38 40 <itemizedlist spacing="compact"> 39 41 <listitem> 40 <para>Download (HTTP): <ulink url="&tripwire-download-http;"/></para> 41 </listitem> 42 <listitem> 43 <para>Download (FTP): <ulink url="&tripwire-download-ftp;"/></para> 44 </listitem> 45 <listitem> 46 <para>Download MD5 sum: &tripwire-md5sum;</para> 47 </listitem> 48 <listitem> 49 <para>Download size: &tripwire-size;</para> 50 </listitem> 51 <listitem> 52 <para>Estimated disk space required: &tripwire-buildsize;</para> 53 </listitem> 54 <listitem> 55 <para>Estimated build time: &tripwire-time;</para> 42 <para> 43 Download (HTTP): <ulink url="&tripwire-download-http;"/> 44 </para> 45 </listitem> 46 <listitem> 47 <para> 48 Download (FTP): <ulink url="&tripwire-download-ftp;"/> 49 </para> 50 </listitem> 51 <listitem> 52 <para> 53 Download MD5 sum: &tripwire-md5sum; 54 </para> 55 </listitem> 56 <listitem> 57 <para> 58 Download size: &tripwire-size; 59 </para> 60 </listitem> 61 <listitem> 62 <para> 63 Estimated disk space required: &tripwire-buildsize; 64 </para> 65 </listitem> 66 <listitem> 67 <para> 68 Estimated build time: &tripwire-time; 69 </para> 56 70 </listitem> 57 71 </itemizedlist> 58 <!-- 59 <note> 60 <para> 61 The <application>tripwire</application> source tarball shown above 62 downloads with the correct name, tripwire-open-source-&tripwire-version;.tar.gz, 63 if using a browser such as Firefox. If you prefer to use a command line 64 program such as wget, you normally would obtain 65 &tripwire-version;.tar.gz. To obtain this package with the proper 66 filename, run: 67 68 <screen><userinput>wget -c https://github.com/Tripwire/tripwire-open-source/archive/&tripwire-version;.tar.gz \ 69 -O tripwire-open-source-&tripwire-version;.tar.gz</userinput></screen>. 70 </para> 71 </note> 72 --> 72 73 73 <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead> 74 74 <!-- 75 75 <bridgehead renderas="sect4">Recommended</bridgehead> 76 <para role="recommended"><xref linkend="openssl"/></para> 76 <para role="recommended"> 77 <xref linkend="openssl"/> 78 </para> 77 79 --> 78 80 79 81 <bridgehead renderas="sect4">Optional</bridgehead> 80 <para role="optional">An <xref linkend="server-mail"/></para> 82 <para role="optional"> 83 An <xref linkend="server-mail"/> 84 </para> 81 85 82 86 <para condition="html" role="usernotes">User Notes: … … 88 92 <title>Installation of Tripwire</title> 89 93 90 <para>Compile <application>Tripwire</application> by running the following 91 commands:</para> 94 <para> 95 Compile <application>Tripwire</application> by running the following 96 commands: 97 </para> 92 98 93 99 <screen><userinput>sed -e '/^CLOBBER/s/false/true/' \ … … 106 112 make</userinput></screen> 107 113 108 <note><para>The default configuration is to use a local MTA. If 109 you don't have an MTA installed and have no wish to install 110 one, modify <filename>install/install.cfg</filename> to use an SMTP 111 server instead. Otherwise the install will fail.</para></note> 112 113 <para>This package does not come with a test suite.</para> 114 115 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 114 <note> 115 <para> 116 The default configuration is to use a local MTA. If 117 you don't have an MTA installed and have no wish to install 118 one, modify <filename>install/install.cfg</filename> to use an SMTP 119 server instead. Otherwise the install will fail. 120 </para> 121 </note> 122 123 <para> 124 This package does not come with a test suite. 125 </para> 126 127 <para> 128 Now, as the <systemitem class="username">root</systemitem> user: 129 </para> 116 130 117 131 <screen role="root"><userinput>make install && … … 183 197 <title>Config Files</title> 184 198 185 <para><filename>/etc/tripwire/*</filename></para> 199 <para> 200 <filename>/etc/tripwire/*</filename> 201 </para> 186 202 187 203 <indexterm zone="tripwire tripwire-config"> … … 194 210 <title>Configuration Information</title> 195 211 196 <para><application>Tripwire</application> uses a policy file to 197 determine which files are integrity checked. The default policy 198 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a 199 default installation and will need to be updated for your 200 system.</para> 201 202 <para>Policy files should be tailored to each individual distribution 203 and/or installation. Some example policy files can be found in <filename 204 class="directory">/usr/share/doc/tripwire/</filename>.</para> 205 206 <para>If desired, copy the policy file you'd like to try into <filename 207 class="directory">/etc/tripwire/</filename> instead of using the default 208 policy file, <filename>twpol.txt</filename>. It is, however, recommended 209 that you edit your policy file. Get ideas from the examples above and 210 read <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for 211 additional information. <filename>twpol.txt</filename> is a good policy 212 file for learning about <application>Tripwire</application> as it will 213 note any changes to the file system and can even be used as an annoying 214 way of keeping track of changes for uninstallation of software.</para> 215 216 <para>After your policy file has been edited to your satisfaction you may 217 begin the configuration steps (perform as the <systemitem 218 class='username'>root</systemitem>) user:</para> 212 <para> 213 <application>Tripwire</application> uses a policy file to 214 determine which files are integrity checked. The default policy 215 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a 216 default installation and will need to be updated for your 217 system. 218 </para> 219 220 <para> 221 Policy files should be tailored to each individual distribution and/or 222 installation. Some example policy files can be found in <filename 223 class="directory">/usr/share/doc/tripwire/</filename>. 224 </para> 225 226 <para> 227 If desired, copy the policy file you'd like to try into <filename 228 class="directory">/etc/tripwire/</filename> instead of using the 229 default policy file, <filename>twpol.txt</filename>. It is, however, 230 recommended that you edit your policy file. Get ideas from the 231 examples above and read 232 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for 233 additional information. <filename>twpol.txt</filename> is a good 234 policy file for learning about <application>Tripwire</application> 235 as it will note any changes to the file system and can even be used 236 as an annoying way of keeping track of changes for uninstallation of 237 software. 238 </para> 239 240 <para> 241 After your policy file has been edited to your satisfaction you may 242 begin the configuration steps (perform as the <systemitem 243 class='username'>root</systemitem>) user: 244 </para> 219 245 220 246 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ … … 222 248 tripwire --init</userinput></screen> 223 249 224 <para>Depending on your system and the contents of the policy file, the 225 initialization phase above can take a relatively long time.</para> 250 <para> 251 Depending on your system and the contents of the policy file, the 252 initialization phase above can take a relatively long time. 253 </para> 226 254 227 255 </sect3> … … 230 258 <title>Usage Information</title> 231 259 232 <para><application>Tripwire</application> will identify file changes in 233 the critical system files specified in the policy file. Using 234 <application>Tripwire</application> while making frequent changes to 235 these directories will flag all these changes. It is most useful after a 236 system has reached a configuration that the user considers stable.</para> 237 238 <para>To use <application>Tripwire</application> after creating a policy 239 file to run a report, use the following command:</para> 260 <para> 261 <application>Tripwire</application> will identify file changes in 262 the critical system files specified in the policy file. Using 263 <application>Tripwire</application> while making frequent changes to 264 these directories will flag all these changes. It is most useful 265 after a system has reached a configuration that the user considers 266 stable. 267 </para> 268 269 <para> 270 To use <application>Tripwire</application> after creating a policy 271 file to run a report, use the following command: 272 </para> 240 273 241 274 <screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen> 242 275 243 <para>View the output to check the integrity of your files. An automatic 244 integrity report can be produced by using a cron facility to schedule the 245 runs.</para> 246 247 <para>Reports are stored in binary and, if desired, encrypted. View reports, 248 as the <systemitem class="username">root</systemitem> user, with:</para> 249 250 <screen role="root"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 251 252 <para>After you run an integrity check, you should examine the 253 report (or email) and then modify the <application>Tripwire</application> 254 database to reflect the changed files on your system. This is so that 255 <application>Tripwire</application> will not continually notify you that 256 files you intentionally changed are a security violation. To do this you 257 must first <command>ls -l /var/lib/tripwire/report/</command> and note 258 the name of the newest file which starts with your system name as 259 presented by the command <userinput>uname -n</userinput> 260 and ends in <filename>.twr</filename>. These files were created 261 during report creation and the most current one is needed to update the 262 <application>Tripwire</application> database of your system. As the 263 <systemitem class='username'>root</systemitem> user, type in the 264 following command making the appropriate report name:</para> 265 266 <screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 267 268 <para>You will be placed into <application>Vim</application> with a copy 269 of the report in front of you. If all the changes were good, then just 270 type <command>:wq</command> and after entering your local key, the database 271 will be updated. If there are files which you still want to be warned 272 about, remove the 'x' before the filename in the report and type 273 <command>:wq</command>.</para> 274 275 <!-- 10-12-2013 bad URL and no good URL found 276 <para>A good summary of tripwire operations can be found at 277 <ulink url="http://va-holladays.no-ip.info:2200/tools/security-docs/tripwire-v1.0.pdf"/>.</para> 278 --> 276 <para> 277 View the output to check the integrity of your files. An automatic 278 integrity report can be produced by using a cron facility to schedule 279 the runs. 280 </para> 281 282 <para> 283 Reports are stored in binary and, if desired, encrypted. View reports, 284 as the <systemitem class="username">root</systemitem> user, with: 285 </para> 286 287 <screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 288 289 <para> 290 After you run an integrity check, you should examine the report (or 291 email) and then modify the <application>Tripwire</application> database 292 to reflect the changed files on your system. This is so that 293 <application>Tripwire</application> will not continually notify you 294 hat files you intentionally changed are a security violation. To do 295 this you must first <command>ls -l /var/lib/tripwire/report/</command> 296 and note the name of the newest file which starts with your system 297 name as presented by the command <userinput>uname -n</userinput> and 298 ends in <filename>.twr</filename>. These files were created during 299 report creation and the most current one is needed to update the 300 <application>Tripwire</application> database of your system. As the 301 <systemitem class='username'>root</systemitem> user, type in the 302 following command making the appropriate report name: 303 </para> 304 305 <screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 306 307 <para> 308 You will be placed into <application>Vim</application> with a copy 309 of the report in front of you. If all the changes were good, then just 310 type <command>:wq</command> and after entering your local key, the 311 database will be updated. If there are files which you still want to 312 be warned about, remove the 'x' before the filename in the report and 313 type <command>:wq</command>. 314 </para> 315 279 316 </sect3> 280 317 … … 282 319 <title>Changing the Policy File</title> 283 320 284 <para>If you are unhappy with your policy file and would like to modify 285 it or use a new one, modify the policy file and then execute the following 286 commands as the <systemitem class='username'>root</systemitem> user:</para> 287 288 <screen role="root"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt && 321 <para> 322 If you are unhappy with your policy file and would like to modify it 323 or use a new one, modify the policy file and then execute the following 324 commands as the <systemitem class='username'>root</systemitem> user: 325 </para> 326 327 <screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt && 289 328 tripwire --init</userinput></screen> 290 329 … … 317 356 <term><command>siggen</command></term> 318 357 <listitem> 319 <para>is a signature gathering utility that displays 320 the hash function values for the specified files.</para> 358 <para> 359 is a signature gathering utility that displays 360 the hash function values for the specified files. 361 </para> 321 362 <indexterm zone="tripwire siggen"> 322 363 <primary sortas="b-siggen">siggen</primary> … … 328 369 <term><command>tripwire</command></term> 329 370 <listitem> 330 <para>is the main file integrity checking program.</para> 371 <para> 372 is the main file integrity checking program. 373 </para> 331 374 <indexterm zone="tripwire tripwire"> 332 375 <primary sortas="b-tripwire">tripwire</primary> … … 338 381 <term><command>twadmin</command></term> 339 382 <listitem> 340 <para>administrative and utility tool used to perform 341 certain administrative functions related to 342 <application>Tripwire</application> files and configuration 343 options.</para> 383 <para> 384 administrative and utility tool used to perform 385 certain administrative functions related to 386 <application>Tripwire</application> files and configuration 387 options. 388 </para> 344 389 <indexterm zone="tripwire twadmin"> 345 390 <primary sortas="b-twadmin">twadmin</primary> … … 351 396 <term><command>twprint</command></term> 352 397 <listitem> 353 <para>prints <application>Tripwire</application> 354 database and report files in clear text format.</para> 398 <para> 399 prints <application>Tripwire</application> 400 database and report files in clear text format. 401 </para> 355 402 <indexterm zone="tripwire twprint"> 356 403 <primary sortas="b-twprint">twprint</primary>
Note:
See TracChangeset
for help on using the changeset viewer.