Changeset b4b71892 for postlfs/security/tripwire.xml
- Timestamp: 06/10/2004 05:47:11 AM (20 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: cf43c83
- Parents: f8d632a
- File: 1 edited
postlfs/security/tripwire.xml
rf8d632a rb4b71892 1 <?xml version="1.0" encoding="ISO-8859-1"?> 2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" 3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ 4 <!ENTITY % general-entities SYSTEM "../../general.ent"> 5 %general-entities; 6 7 <!ENTITY tripwire-download-http "http://prdownloads.sourceforge.net/tripwire/tripwire-&tripwire-version;.tar.gz"> 8 <!ENTITY tripwire-download-ftp "ftp://ftp.fu-berlin.de/unix/security/tripwire/tripwire-&tripwire-version;.tar.gz"> 9 <!ENTITY tripwire-size "1.4 MB"> 10 <!ENTITY tripwire-buildsize "63 MB"> 11 <!ENTITY tripwire-time "2.35 SBU"> 12 ]> 13 1 14 <sect1 id="tripwire" xreflabel="Tripwire-&tripwire-version;"> 2 15 <?dbhtml filename="tripwire.html"?> 3 16 <title>Tripwire-&tripwire-version;</title> 4 17 5 &tripwire-intro; 6 &tripwire-inst; 7 &tripwire-exp; 8 &tripwire-config; 9 &tripwire-desc; 18 <sect2> 19 <title>Introduction to <application>Tripwire</application></title> 20 21 <para>The <application>Tripwire</application> package contains the programs 22 used by <application>Tripwire</application> to verify the integrity of the 23 files on a given system.</para> 24 25 <sect3><title>Package information</title> 26 <itemizedlist spacing='compact'> 27 <listitem><para>Download (HTTP): <ulink 28 url="&tripwire-download-http;"/></para></listitem> 29 <listitem><para>Download (FTP): <ulink 30 url="&tripwire-download-ftp;"/></para></listitem> 31 <listitem><para>Download size: &tripwire-size;</para></listitem> 32 <listitem><para>Estimated Disk space required: 33 &tripwire-buildsize;</para></listitem> 34 <listitem><para>Estimated build time: 35 &tripwire-time;</para></listitem></itemizedlist> 36 </sect3> 37 38 <sect3><title>Additional downloads</title> 39 <itemizedlist spacing='compact'> 40 <listitem><para>Required patch to fix multiple build issues (see patch for more information): 41 <ulink url="&patch-root;/tripwire-&tripwire-version;-gcc3-build-fixes.patch"/></para></listitem> 42 </itemizedlist> 43 
</sect3> 44 45 <sect3><title><application>Shadow</application> dependencies</title> 46 <sect4><title>Optional</title> 47 <para>MTA (See <xref linkend="server-mail"/>)</para></sect4> 48 </sect3> 49 50 </sect2> 51 52 53 <sect2> 54 <title>Installation of <application>Tripwire</application></title> 55 56 <para>Compile <application>Tripwire</application> by running the following 57 commands:</para> 58 59 <screen><userinput><command>patch -Np1 -i ../tripwire-&tripwire-version;-gcc3-build-fixes.patch && 60 make -C src release && 61 cp install/install.{sh,cfg} .</command></userinput></screen> 62 63 <para>The default configuration is to use a local MTA. If you don't have 64 a MTA installed and have no wish to install one, modify the 65 <filename>install.cfg</filename> to use an SMTP server instead. 66 Install <application>Tripwire</application> by running the following 67 commands:</para> 68 69 <screen><userinput><command>./install.sh && 70 cp /etc/tripwire/tw.cfg /usr/sbin && 71 cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen> 72 73 </sect2> 74 75 <sect2> 76 <title>Command explanations</title> 77 78 <para><command>make release</command>: This command creates the 79 <application>Tripwire</application> binaries.</para> 80 81 <para><command>cp install.{sh,cfg} .</command>: These are copied to the main 82 <application>Tripwire</application> directory so that the script can be used to 83 install the package.</para> 84 85 <para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command 86 installs the documentation.</para> 87 88 </sect2> 89 90 <sect2> 91 <title>Configuring <application>Tripwire</application></title> 92 93 <sect3><title>Config files</title> 94 <para><filename class="directory">/etc/tripwire</filename></para> 95 </sect3> 96 97 <sect3><title>Configuration Information</title> 98 99 <para><application>Tripwire</application> uses a policy file to determine which 100 files integrity are checked. 
The default policy file (<filename>twpol.txt 101 </filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default 102 installation of Redhat 7.0 and is woefully outdated.</para> 103 104 <para>Policy files are also a custom thing and should be tailored to each 105 individual distribution and/or installation. Some custom policy files can be 106 found below: </para> 107 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink> 108 Checks integrity of all files 109 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink> 110 Custom policy file for Base LFS 3.0 system 111 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink> 112 Custom policy file for SuSE 7.2 system</screen> 113 114 <para>Download the custom policy file you'd like to try, copy it into 115 <filename class="directory">/etc/tripwire/</filename>, and use it instead of 116 <filename>twpol.txt</filename>. It is, however, recommended that you make your own policy file. 117 Get ideas from the examples above and read <filename> 118 /usr/share/doc/tripwire/policyguide.txt</filename>. 
<filename>twpol.txt 119 </filename> is a good policy file for beginners as it will note any changes to 120 the file system and can even be used as an annoying way of keeping track of 121 changes for uninstallation of software.</para> 122 123 <para>After your policy file has been transferred to <filename 124 class="directory">/etc/tripwire/</filename> you may begin the configuration steps:</para> 125 126 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && 127 tripwire -m i</command></userinput></screen> 128 129 <para>During installation <application>Tripwire</application> will create two 130 (2) keys: a site key and a local key which will be stored in <filename 131 class="directory">/etc/tripwire/</filename>.</para> 132 133 </sect3> 134 135 <sect3><title>Usage Information</title> 136 <para>To use <application>Tripwire</application> after this and run a report, 137 use the following command:</para> 138 139 <screen><userinput><command>tripwire -m c > /etc/tripwire/report.txt</command></userinput></screen> 140 141 <para>View the output to check the integrity of your files. An automatic 142 integrity report can be produced by using a cron facility to schedule 143 the runs. </para> 144 145 <para>Please note that after you run an integrity check, you must check 146 the report or email and then modify the 147 <application>Tripwire</application> database of the files 148 on your system so that <application>Tripwire</application> will not continually notify you that 149 files you intentionally changed are a security violation. To do this you 150 must first <command>ls -l /var/lib/tripwire/report/</command> and note 151 the name of the newest file which starts with <filename>linux-</filename> and 152 ends in <filename>.twr</filename>. This encrypted file was created during the 153 last report creation and is needed to update the 154 <application>Tripwire</application> database of your 155 system. 
Then, type in the following command making the appropriate 156 substitutions for '?':</para> 157 <screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen> 158 159 <para>You will be placed into vim with a copy of the report in front of you. If 160 all the changes were good, then just type <command>:x</command> and after 161 entering your local key, the database will be updated. If there are files which 162 you still want to be warned about, please remove the x before the filename in 163 the report and type <command>:x</command>. </para> 164 165 </sect3> 166 167 <sect3><title>Changing the Policy File</title> 168 169 <para>If you are unhappy with your policy file and would like to modify it or 170 use a new one, modify the policy file and then execute the following 171 commands:</para> 172 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && 173 tripwire -m i</command></userinput></screen> 174 175 </sect3> 176 177 </sect2> 178 179 <sect2> 180 <title>Contents</title> 181 182 <para>The <application>Tripwire</application> package contains <command>siggen 183 </command>, 184 <command>tripwire</command>, <command>twadmin</command> 185 and <command>twprint</command>.</para> 186 187 </sect2> 10 188 11 189 </sect1>
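Review bot: the dependency heading in the new Introduction sect2 reads `<application>Shadow</application> dependencies`, but this file documents Tripwire, so the title looks carried over from another page. Change it to `<application>Tripwire</application> dependencies` so the optional MTA dependency is attributed to the right package.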
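Review bot: the Command explanations sect2 does not match the Installation sect2 it documents. It quotes `make release` and `cp install.{sh,cfg} .`, while the commands the reader is told to run are `make -C src release` and `cp install/install.{sh,cfg} .`, and it has no entry at all for `cp /etc/tripwire/tw.cfg /usr/sbin`, which is the step most in need of a reason since it places a configuration file in a binary directory. Quote the commands exactly as given and add a para explaining the tw.cfg copy, or drop that command if it is not required.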
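Review bot: Configuration Information and Changing the Policy File both run `twadmin -m P /etc/tripwire/twpol.txt` and then stop, so the plain-text policy stays in /etc/tripwire with no guidance on what to do with it, and Usage Information redirects the check output to `/etc/tripwire/report.txt` in the same directory that, per the text, holds the site and local keys. A readable policy and report show which paths are and are not being watched, so add a sentence telling the reader to remove or move the plain-text twpol.txt once the policy is installed, and send the text report to a location separate from the key directory with restrictive permissions.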
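Review bot: a few wording points in the Configuring sect2. "which files integrity are checked" should read "which files' integrity is checked"; the line break inside `<filename>twpol.txt` ... `</filename>` (twice) and inside `<command>siggen` ... `</command>` in Contents puts stray whitespace into the rendered name; and Usage Information states that the report "starts with linux-" and that the reader "will be placed into vim" without saying where that prefix or editor choice comes from, so a reader whose system differs has nothing to go on. Say what determines each, or word both generically.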