Changeset b4b71892 for postlfs/security/tripwire.xml

Timestamp:

06/10/2004 05:47:11 AM (20 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

cf43c83

Parents:

f8d632a

Message:

New XML Chapter 4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2288 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/tripwire.xml (modified) (1 diff)

postlfs/security/tripwire.xml

@@ +1 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+   "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+
+  <!ENTITY tripwire-download-http "http://prdownloads.sourceforge.net/tripwire/tripwire-&tripwire-version;.tar.gz">
+  <!ENTITY tripwire-download-ftp  "ftp://ftp.fu-berlin.de/unix/security/tripwire/tripwire-&tripwire-version;.tar.gz">
+  <!ENTITY tripwire-size          "1.4 MB">
+  <!ENTITY tripwire-buildsize     "63 MB">
+  <!ENTITY tripwire-time          "2.35 SBU">
+]>
+
 <sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;">
 <?dbhtml filename="tripwire.html"?>
 <title>Tripwire-&tripwire-version;</title>
 
-&tripwire-intro;
-&tripwire-inst;
-&tripwire-exp;
-&tripwire-config;
-&tripwire-desc;
+<sect2>
+<title>Introduction to <application>Tripwire</application></title>
+
+<para>The <application>Tripwire</application> package contains the programs 
+used by <application>Tripwire</application> to verify the integrity of the 
+files on a given system.</para>
+
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink
+url="&tripwire-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink
+url="&tripwire-download-ftp;"/></para></listitem>
+<listitem><para>Download size: &tripwire-size;</para></listitem>
+<listitem><para>Estimated Disk space required:
+&tripwire-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&tripwire-time;</para></listitem></itemizedlist>
+</sect3>
+
+<sect3><title>Additional downloads</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Required patch to fix multiple build issues (see patch for more information):
+<ulink url="&patch-root;/tripwire-&tripwire-version;-gcc3-build-fixes.patch"/></para></listitem>
+</itemizedlist>
+</sect3>
+
+<sect3><title><application>Shadow</application> dependencies</title>
+<sect4><title>Optional</title>
+<para>MTA (See <xref linkend="server-mail"/>)</para></sect4>
+</sect3>
+
+</sect2>
+
+
+<sect2>
+<title>Installation of <application>Tripwire</application></title>
+
+<para>Compile <application>Tripwire</application> by running the following 
+commands:</para>
+
+<screen><userinput><command>patch -Np1 -i ../tripwire-&tripwire-version;-gcc3-build-fixes.patch &amp;&amp;
+make -C src release &amp;&amp;
+cp install/install.{sh,cfg} .</command></userinput></screen>
+
+<para>The default configuration is to use a local MTA. If you don't have
+a MTA installed and have no wish to install one, modify the
+<filename>install.cfg</filename> to use an SMTP server instead.
+Install <application>Tripwire</application> by running the following 
+commands:</para>
+
+<screen><userinput><command>./install.sh &amp;&amp;
+cp /etc/tripwire/tw.cfg /usr/sbin &amp;&amp;
+cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>
+
+</sect2>
+
+<sect2>
+<title>Command explanations</title>
+
+<para><command>make release</command>: This command creates the
+<application>Tripwire</application> binaries.</para>
+
+<para><command>cp install.{sh,cfg} .</command>: These are copied to the main
+<application>Tripwire</application> directory so that the script can be used to 
+install the package.</para>
+
+<para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command 
+installs the documentation.</para>
+
+</sect2>
+
+<sect2>
+<title>Configuring <application>Tripwire</application></title>
+
+<sect3><title>Config files</title>
+<para><filename class="directory">/etc/tripwire</filename></para>
+</sect3>
+
+<sect3><title>Configuration Information</title>
+
+<para><application>Tripwire</application> uses a policy file to determine which 
+files integrity are checked. The default policy file (<filename>twpol.txt
+</filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default 
+installation of Redhat 7.0 and is woefully outdated.</para>
+
+<para>Policy files are also a custom thing and should be tailored to each 
+individual distribution and/or installation. Some custom policy files can be 
+found below: </para>
+<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
+Checks integrity of all files
+<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
+Custom policy file for Base LFS 3.0 system
+<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
+Custom policy file for SuSE 7.2 system</screen>
+
+<para>Download the custom policy file you'd like to try, copy it into
+<filename class="directory">/etc/tripwire/</filename>, and use it instead of 
+<filename>twpol.txt</filename>. It is, however, recommended that you make your own policy file. 
+Get ideas from the examples above and read <filename>
+/usr/share/doc/tripwire/policyguide.txt</filename>. <filename>twpol.txt
+</filename> is a good policy file for beginners as it will note any changes to 
+the file system and can even be used as an annoying way of keeping track of 
+changes for uninstallation of software.</para>
+
+<para>After your policy file has been transferred to <filename
+class="directory">/etc/tripwire/</filename> you may begin the configuration steps:</para>
+
+<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
+tripwire -m i</command></userinput></screen>
+
+<para>During installation <application>Tripwire</application> will create two
+(2) keys: a site key and a local key which will be stored in <filename
+class="directory">/etc/tripwire/</filename>.</para>
+
+</sect3>
+
+<sect3><title>Usage Information</title>
+<para>To use <application>Tripwire</application> after this and run a report, 
+use the following command:</para>
+
+<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt</command></userinput></screen>
+
+<para>View the output to check the integrity of your files. An automatic
+integrity report can be produced by using a cron facility to schedule
+the runs. </para>
+
+<para>Please note that after you run an integrity check, you must check
+the report or email and then modify the
+<application>Tripwire</application> database of the files
+on your system so that <application>Tripwire</application> will not continually notify you that
+files you intentionally changed are a security violation. To do this you
+must first <command>ls -l /var/lib/tripwire/report/</command> and note
+the name of the newest file which starts with <filename>linux-</filename> and 
+ends in <filename>.twr</filename>. This encrypted file was created during the 
+last report creation and is needed to update the
+<application>Tripwire</application> database of your 
+system. Then, type in the following command making the appropriate 
+substitutions for '?':</para>
+<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen>
+
+<para>You will be placed into vim with a copy of the report in front of you. If 
+all the changes were good, then just type <command>:x</command> and after 
+entering your local key, the database will be updated. If there are files which 
+you still want to be warned about, please remove the x before the filename in 
+the report and type <command>:x</command>. </para>
+
+</sect3>
+
+<sect3><title>Changing the Policy File</title>
+
+<para>If you are unhappy with your policy file and would like to modify it or 
+use a new one, modify the policy file and then execute the following
+commands:</para>
+<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
+tripwire -m i</command></userinput></screen>
+
+</sect3>
+
+</sect2>
+
+<sect2>
+<title>Contents</title>
+
+<para>The <application>Tripwire</application> package contains <command>siggen
+</command>,
+<command>tripwire</command>, <command>twadmin</command>
+and <command>twprint</command>.</para>
+
+</sect2>
 
 </sect1>