Changeset dc94017e for postlfs/security
- Timestamp:
- 12/22/2004 03:48:05 AM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- def11b7
- Parents:
- 1586494
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/tripwire.xml
r1586494 rdc94017e 5 5 %general-entities; 6 6 7 <!ENTITY tripwire-download-http "http:// prdownloads.sourceforge.net/tripwire/tripwire-&tripwire-version;.tar.gz">8 <!ENTITY tripwire-download-ftp " ftp://ftp.fu-berlin.de/unix/security/tripwire/tripwire-&tripwire-version;.tar.gz">9 <!ENTITY tripwire-size " 1.4 MB">10 <!ENTITY tripwire-buildsize " 63MB">11 <!ENTITY tripwire-time "2. 35SBU">7 <!ENTITY tripwire-download-http "http://www.frenchfries.net/paul/tripwire/tripwire-&tripwire-version;.tar.gz"> 8 <!ENTITY tripwire-download-ftp " "> 9 <!ENTITY tripwire-size "869 KB"> 10 <!ENTITY tripwire-buildsize "22 MB"> 11 <!ENTITY tripwire-time "2.96 SBU"> 12 12 ]> 13 13 14 <sect1 id="tripwire " xreflabel="Tripwire-&tripwire-version;">14 <sect1 id="tripwire-portable" xreflabel="Tripwire-&tripwire-version;"> 15 15 <sect1info> 16 16 <othername>$LastChangedBy$</othername> … … 39 39 </sect3> 40 40 41 <sect3><title>Additional downloads</title>42 <itemizedlist spacing='compact'>43 <listitem><para>Required patch to fix multiple build issues (see patch for44 more information): <ulink45 url="&patch-root;/tripwire-&tripwire-version;-gcc3_build_fixes-1.patch"/></para></listitem>46 </itemizedlist>47 </sect3>48 49 41 <sect3><title><application>Tripwire</application> dependencies</title> 50 42 <sect4><title>Optional</title> … … 60 52 commands:</para> 61 53 62 <screen><userinput><command>patch -Np1 -i ../tripwire-&tripwire-version;-gcc3_build_fixes-1.patch && 63 make -C src release && 64 cp install/install.{sh,cfg} .</command></userinput></screen> 54 <screen><userinput><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var/lib@' install/install.cfg && 55 ./configure --prefix=/usr --sysconfdir=/etc/tripwire && 56 make && 57 make install && 58 cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen> 65 59 66 60 <para>The default configuration is to use a local <acronym>MTA</acronym>. If 67 61 you don't have an <acronym>MTA</acronym> installed and have no wish to install 68 62 one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym> 69 server instead. Install <application>Tripwire</application> by running the 70 following commands:</para> 71 72 <screen><userinput><command>./install.sh && 73 cp /etc/tripwire/tw.cfg /usr/sbin && 74 cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen> 63 server instead.</para> 75 64 76 65 </sect2> … … 79 68 <title>Command explanations</title> 80 69 81 <para><command>make release</command>: This command creates the 82 <application>Tripwire</application> binaries.</para> 83 84 <para><command>cp install.{sh,cfg} .</command>: These files are copied to 85 the main <application>Tripwire</application> directory so that the script 86 can be used to install the package.</para> 70 <para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var/lib@' install/install.cfg</command>: 71 This command tells the package to install the program database and reports in 72 <filename>/var/lib/tripwire</filename>.</para> 73 74 <para><command>make install</command>: This command creates the 75 <application>Tripwire</application> security keys as well as installing the 76 binaries. There are two keys: a site key and a local key which are stored in 77 <filename class="directory">/etc/tripwire/</filename>.</para> 87 78 88 79 <para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command … … 103 94 files are integrity checked. The default policy file 104 95 (<filename>/etc/tripwire/twpol.txt</filename>) is for a default 105 installation of Redhat 7.0 and is woefully outdated.</para> 106 107 <para>Policy files are also a custom thing and should be tailored to each 108 individual distribution and/or installation. Some custom policy files can be 109 found below: </para> 96 installation Redhat and will need to be updated for your system.</para> 97 98 <para>Policy files should be tailored to each individual distribution and/or 99 installation. Some custom policy files can be found below: </para> 110 100 111 101 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> … … 129 119 configuration steps:</para> 130 120 131 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && 132 tripwire -m i</command></userinput></screen> 133 134 <para>During installation <application>Tripwire</application> will create two 135 keys: a site key and a local key which are stored in 136 <filename class="directory">/etc/tripwire/</filename>.</para> 121 <screen><userinput><command>twadmin --create-polfile --site-keyfile=/etc/tripwire site.key /etc/tripwire/twpol.txt && 122 tripwire --init</command></userinput></screen> 137 123 138 124 </sect3> … … 142 128 to run a report, use the following command:</para> 143 129 144 <screen><userinput><command>tripwire - m c> /etc/tripwire/report.txt</command></userinput></screen>130 <screen><userinput><command>tripwire --check > /etc/tripwire/report.txt</command></userinput></screen> 145 131 146 132 <para>View the output to check the integrity of your files. An automatic … … 161 147 substitutions for <replaceable>[?]</replaceable>:</para> 162 148 163 <screen><userinput><command>tripwire - m u -r/var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen>149 <screen><userinput><command>tripwire --update -twrfile /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen> 164 150 165 151 <para>You will be placed into <application>vim</application> with a copy of … … 177 163 commands:</para> 178 164 179 <screen><userinput><command>twadmin - m P/etc/tripwire/twpol.txt &&180 tripwire - m i</command></userinput></screen>165 <screen><userinput><command>twadmin --create-polfile /etc/tripwire/twpol.txt && 166 tripwire --init</command></userinput></screen> 181 167 182 168 </sect3> … … 186 172 <sect2> 187 173 <title>Contents</title> 188 189 <para>The <application>Tripwire</application> package contains 190 <command>siggen</command>, <command>tripwire</command>, 191 <command>twadmin</command> and <command>twprint</command>.</para> 192 193 </sect2> 194 195 <sect2> 196 <title>Description</title> 197 198 <sect3> 199 <title>siggen</title> 200 <para><command>siggen</command> is a signature gathering utility that displays 201 the hash function values for the specified files.</para></sect3> 202 203 <sect3> 204 <title>tripwire</title> 205 <para><command>tripwire</command> is the main file integrity checking program. 206 </para></sect3> 207 208 <sect3> 209 <title>twadmin</title> 210 <para><command>twadmin</command> is <application>Tripwire</application>'s 211 administrative and utility tool used to perform certain administrative 212 functions related to <application>Tripwire</application> files and 213 configuration options.</para></sect3> 214 215 <sect3> 216 <title>twprint</title> 217 <para><command>twprint</command> prints <application>Tripwire</application> 218 database and report files in clear text format.</para></sect3> 174 <segmentedlist> 175 <segtitle>Installed Programs</segtitle> 176 <seglistitem> 177 <seg>siggen, tripwire, twadmin and twprint.</seg> 178 </seglistitem> 179 </segmentedlist> 180 181 <variablelist> 182 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 183 <?dbfo list-presentation="list"?> 184 185 <varlistentry id="siggen"> 186 <term><command>siggen</command></term> 187 <listitem><para>is a signature gathering utility that displays 188 the hash function values for the specified files.</para> 189 </listitem> 190 </varlistentry> 191 192 <varlistentry id='tripwire'> 193 <term><command>tripwire</command></term> 194 <listitem><para>is the main file integrity checking program.</para></listitem> 195 </varlistentry> 196 197 <varlistentry id='twadmin'> 198 <term><command>twadmin</command></term> 199 <listitem><para>administrative and utility tool used to perform 200 certain administrative functions related to 201 <application>Tripwire</application> files and configuration options.</para> 202 </listitem> 203 </varlistentry> 204 205 <varlistentry id='twprint'> 206 <term><command>twprint</command></term> 207 <listitem><para>prints <application>Tripwire</application> 208 database and report files in clear text format.</para> 209 </listitem> 210 </varlistentry> 211 </variablelist> 219 212 220 213 </sect2>
Note:
See TracChangeset
for help on using the changeset viewer.