Changeset 8f44fa03 for postlfs/security/tripwire/tripwire-config.xml
- Timestamp:
- 09/13/2003 03:01:40 PM (21 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 30f1425
- Parents:
- 781e273
- File:
-
- 1 edited
postlfs/security/tripwire/tripwire-config.xml
r781e273 r8f44fa03 1 1 <sect2> 2 <title>Configuring tripwire</title>2 <title>Configuring <application>tripwire</application></title> 3 3 4 4 <sect3><title>Config files</title> 5 <para>< userinput>/etc/tripwire</userinput></para>5 <para><filename>/etc/tripwire</filename></para> 6 6 </sect3> 7 7 8 8 <sect3><title>Configuration Information</title> 9 9 10 <para> Tripwire uses a policy file to determine which files integrity11 are checked. The default policy file (<filename>twpol.txt</filename> found in 12 < filename>/etc/tripwire/</filename>) is for a default installation of Redhat13 7.0 and is woefully outdated.</para>10 <para><application>Tripwire</application> uses a policy file to determine which 11 files integrity are checked. The default policy file (<filename>twpol.txt 12 </filename> found in <filename>/etc/tripwire/</filename>) is for a default 13 installation of Redhat 7.0 and is woefully outdated.</para> 14 14 15 <para>Policy files are also a custom thing and should be tailored to 16 each individual distro and/or installation. Some custom policy files 17 can befound below: </para>15 <para>Policy files are also a custom thing and should be tailored to each 16 individual distribution and/or installation. Some custom policy files can be 17 found below: </para> 18 18 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> 19 19 Checks integrity of all files … … 23 23 Custom policy file for SuSE 7.2 system</screen> 24 24 25 <para>Download the custom policy file you'd like to try, copy it into 26 <filename>/etc/tripwire/</filename>, and use it instead of <filename>twpol.txt</filename>. It 27 is, however, recommended that you make your own policy file. Get ideas 28 from the examples above and read 29 <filename>/usr/share/doc/tripwire/policyguide.txt</filename>. 
30 <filename>twpol.txt</filename> is a good policy file for beginners as it will note any changes to the filesystem and can even be used as an annoying way of keeping track of changes for uninstallation of software.</para> 25 <para>Download the custom policy file you'd like to try, copy it into <filename> 26 /etc/tripwire/</filename>, and use it instead of <filename>twpol.txt 27 </filename>. It is, however, recommended that you make your own policy file. 28 Get ideas from the examples above and read <filename> 29 /usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt 30 </filename> is a good policy file for beginners as it will note any changes to 31 the filesystem and can even be used as an annoying way of keeping track of 32 changes for uninstallation of software.</para> 31 33 32 <para>After your policy file has been transferred to <filename>/etc/tripwire/</filename> you may begin the configuration steps:</para> 34 <para>After your policy file has been transferred to <filename>/etc/tripwire/ 35 </filename> you may begin the configuration steps:</para> 33 36 34 <screen><userinput> twadmin -m P /etc/tripwire/twpol.txt &&35 tripwire -m i</ userinput></screen>37 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && 38 tripwire -m i</command></userinput></screen> 36 39 37 40 <para>During configuration tripwire will create 2 keys: a site key and 38 a local key which will be stored in <filename class="directory">/etc/tripwire/</filename>.</para> 41 a local key which will be stored in <filename class="directory">/etc/tripwire/ 42 </filename>.</para> 39 43 40 44 </sect3> … … 43 47 <para>To use tripwire after this and run a report using the following command: 44 48 45 <screen><userinput>tripwire -m c > /etc/tripwire/report.txt</userinput></screen></para> 49 <screen><userinput><command>tripwire -m c > /etc/tripwire/report.txt 50 </command></userinput></screen></para> 46 51 47 52 <para>View the output to check the integrity of your files. 
An automatic … … 52 57 on your system so that tripwire will not continually notify you that 53 58 files you intentionally changed are a security violation. To do this you 54 must first < userinput>ls /var/lib/tripwire/report/</userinput> and note55 the name of the newest file which starts with 56 <filename>linux-</filename> and ends in <filename>.twr</filename>. This 57 encrypted file was created during the last report creation and is needed 58 to update the tripwire database of your system. Then, type in the 59 following command making the appropriatesubstitutions for '?':60 <screen><userinput> tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr</userinput></screen></para>59 must first <command>ls /var/lib/tripwire/report/</command> and note 60 the name of the newest file which starts with <filename>linux-</filename> and 61 ends in <filename>.twr</filename>. This encrypted file was created during the 62 last report creation and is needed to update the tripwire database of your 63 system. Then, type in the following command making the appropriate 64 substitutions for '?': 65 <screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen></para> 61 66 62 <para>You will be placed into vim with a copy of the report in front of 63 you. If all the changes were good, then just type 64 <userinput>:x</userinput> and after entering your local key, the 65 database will be updated. If there are files which you 66 still want to be warned about, please remove the x before the filename 67 in the report and type <userinput>:x</userinput>. </para> 67 <para>You will be placed into vim with a copy of the report in front of you. If 68 all the changes were good, then just type <command>:x</command> and after 69 entering your local key, the database will be updated. 
If there are files which 70 you still want to be warned about, please remove the x before the filename in 71 the report and type <command>:x</command>. </para> 68 72 69 73 </sect3> … … 71 75 <sect3><title>Changing the Policy File</title> 72 76 73 <para>If you are unhappy with your policy file and would like to modify it or use a new one, modify the policy file and then execute the following commands: 74 <screen><userinput>twadmin -m P /etc/tripwire/twpol.txt && 75 tripwire -m i</userinput></screen></para> 77 <para>If you are unhappy with your policy file and would like to modify it or 78 use a new one, modify the policy file and then execute the following commands: 79 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && 80 tripwire -m i</command></userinput></screen></para> 76 81 77 82 </sect3>
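Review bot: In the first hunk (new lines 10-13) the re-wrapped paragraph now breaks lines inside inline elements, as in `<filename>twpol.txt` followed by `</filename>` on the next line, so a line break becomes part of the file name's element content. The same pattern recurs in later hunks, where `<filename>` ends a line and `/etc/tripwire/</filename>` starts the next. Wrap between elements instead of inside them. Since this sentence is being rewritten anyway, "which files integrity are checked" should be fixed in the same pass, and "Redhat" should read "Red Hat".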
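Review bot: In the second hunk (new lines 25-32) the paragraph still tells the reader to download a policy file, copy it into `/etc/tripwire/` and use it, with no step to read it first, and the links listed just above are plain `http://` URLs on a personal home page. The policy decides which files are checked at all, so a policy that omits paths leaves them unmonitored. Add a sentence asking the reader to review the downloaded file against `policyguide.txt` before running `twadmin -m P` on it.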
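Review bot: In the third hunk (new lines 47-50) the lead-in "To use tripwire after this and run a report using the following command:" is left as a sentence fragment while the markup around it is reworked; something like "To run a check and save the report, use the following command:" would read correctly. The new wrapping also puts `</command>` on its own line inside `<screen>`, where line breaks are kept literally, so the displayed command gains a trailing newline. Keep the closing tags on the same line as `report.txt`.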
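Review bot: In the fourth hunk (new lines 68-71) `:x` changes from `<userinput>` to `<command>`, but it is a keystroke sequence typed inside the editor rather than a program run from the shell, so `<userinput>` was the better fit and should stay. On new line 65 there is also a space before `</command>` in `linux-???????-??????.twr </command>`, which ends up in the displayed command inside `<screen>`. The paragraph says the `.twr` file is needed to update the database; it would help to state that the local key passphrase is requested at this step, since the next paragraph mentions it only in passing.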
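Review bot: In the last hunk (new lines 77-80) the "Changing the Policy File" instructions reuse the initial-setup commands, and `tripwire -m i` rebuilds the database from whatever is currently on disk, so any change made since the last check is absorbed into the new baseline without being reported. Add a sentence telling the reader to run `tripwire -m c` and review the report before re-initializing. Separately, a single `<command>` element now wraps two full command lines joined by `&&`; the earlier `<userinput>` alone described this content more accurately, here and in the identical block at new lines 37-38.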