Changeset cffe62a2
- Timestamp:
- 04/21/2008 04:36:18 AM (16 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 6deeee2
- Parents:
- 4751980e
- File:
- 1 edited
postlfs/security/tripwire.xml
r4751980e rcffe62a2 106 106 stored in <filename class="directory">/etc/tripwire/</filename>.</para> 107 107 108 109 110 108 <para><command>cp -v policy/*.txt /usr/doc/tripwire</command>: This command 109 installs the <application>tripwire</application> sample policy files with 110 the other <application>tripwire</application> documentation.</para> 111 111 112 112 </sect2> … … 135 135 system.</para> 136 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 137 <para>Policy files should be tailored to each individual distribution 138 and/or installation. Some example policy files can be found in <filename 139 class="directory">/usr/doc/tripwire/</filename> (Note that <filename 140 class="directory">/usr/doc/</filename> is a symbolic link on LFS systems 141 to <filename class="directory">/usr/share/doc/</filename>).</para> 142 143 <para>If desired, copy the policy file you'd like to try into <filename 144 class="directory">/etc/tripwire/</filename> instead of using the default 145 policy file, <filename>twpol.txt</filename>. It is, however, recommended 146 that you edit your policy file. Get ideas from the examples above and 147 read <filename>/usr/doc/tripwire/policyguide.txt</filename> for 148 additional information. 
<filename>twpol.txt</filename> is a good policy 149 file for learning about <application>Tripwire</application> as it will 150 note any changes to the file system and can even be used as an annoying 151 way of keeping track of changes for uninstallation of software.</para> 152 153 <para>After your policy file has been edited to your satisfaction you may 154 begin the configuration steps (perform as the <systemitem 155 class='username'>root</systemitem>):</para> 156 156 157 157 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ … … 160 160 161 161 <para>Depending on your system and the contents of the policy file, the 162 162 initialization phase above can take a relatively long time.</para> 163 163 164 164 </sect3> … … 167 167 <title>Usage Information</title> 168 168 169 170 171 172 173 174 175 176 169 <para><application>Tripwire</application> will identify file changes in 170 the critical system files specified in the policy file. Using 171 <application>Tripwire</application> while making frequent changes to 172 these directories will flag all these changes. It is most useful after a 173 system has reached a configuration that the user considers stable.</para> 174 175 <para>To use <application>Tripwire</application> after creating a policy 176 file to run a report, use the following command:</para> 177 177 178 178 <screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen> 179 179 180 181 182 183 184 185 180 <para>View the output to check the integrity of your files. An automatic 181 integrity report can be produced by using a cron facility to schedule the 182 runs.</para> 183 184 <para>Reports are stored in binary and, if desired, encrypted. 
View reports, 185 as the <systemitem class="username">root</systemitem> user, with:</para> 186 186 187 187 <screen role="root">twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></screen> 188 188 189 190 191 192 193 194 195 196 197 198 199 200 201 189 <para>After you run an integrity check, you should examine the 190 report (or email) and then modify the <application>Tripwire</application> 191 database to reflect the changed files on your system. This is so that 192 <application>Tripwire</application> will not continually notify you that 193 files you intentionally changed are a security violation. To do this you 194 must first <command>ls -l /var/lib/tripwire/report/</command> and note 195 the name of the newest file which starts with your system name as 196 presented by the command <userinput>uname -n</userinput> 197 and ends in <filename>.twr</filename>. These files were created 198 during report creation and the most current one is needed to update the 199 <application>Tripwire</application> database of your system. As the 200 <systemitem class='username'>root</systemitem> user, type in the 201 following command making the appropriate report name:</para> 202 202 203 203 <screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen>
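Review bot: In the hunk at new lines 153-155, "perform as the <systemitem class='username'>root</systemitem>" is missing the word "user"; the other paragraphs in this patch (new lines 185 and 200) say "as the root user". Suggest "(perform as the <systemitem class='username'>root</systemitem> user)" for consistency. The same hunk also quotes the username attribute with single quotes here and at line 200 but double quotes at line 185; pick one style while re-indenting.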
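Review bot: In the Usage Information hunk, new line 178 redirects the check output with "tripwire --check > /etc/tripwire/report.txt", which puts a plain-text copy of the report in the same directory as site.key (line 157), while new lines 184-187 say reports are stored in binary under /var/lib/tripwire/report/ and are read with twprint. Suggest dropping the redirect, or pointing it somewhere other than the key and policy directory, and saying in the paragraph which of the two report copies the reader is expected to view. Also at line 187 the twprint command is not wrapped in <userinput> as the commands at lines 178 and 203 are, and the sentence ending at line 201 ("making the appropriate report name") reads as if a word such as "substitution for the" was dropped.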