Changeset e40cb61
- Timestamp:
- 07/01/2004 03:36:22 AM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 359e1043
- Parents:
- 2197589
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
introduction/welcome/changelog.xml
r2197589 re40cb61 18 18 19 19 <itemizedlist> 20 21 <listitem><para>June 30th, 2004 [randy]: Minor clean-up to GnuPG and 22 Tripwire.</para></listitem> 20 23 21 24 <listitem><para>June 30th, 2004 [randy]: Updated to iptables-1.2.11; added -
postlfs/security/gnupg.xml
r2197589 re40cb61 20 20 21 21 <para>The <application>GnuPG</application> package contains a public/private 22 key encryptor. This is 23 becoming useful for signing files or emails as proof of identity and 24 preventing tampering with contents of the file or email.</para> 22 key encryptor. This is becoming useful for signing files or emails as proof 23 of identity and preventing tampering with contents of the file or email.</para> 25 24 26 25 <sect3><title>Package information</title> … … 39 38 <sect3><title><application>GnuPG</application> dependencies</title> 40 39 <sect4><title>Optional</title> 41 <para><xref linkend="openldap"/></para></sect4> 40 <para><xref linkend="openldap"/> and 41 <ulink url="../server/mail.html">MTA</ulink></para></sect4> 42 42 </sect3> 43 43 … … 47 47 <title>Installation of <application>GnuPG</application></title> 48 48 49 <para>Install <application>GnuPG</application> by running the following commands:</para> 49 <para>Install <application>GnuPG</application> by running the following 50 commands:</para> 50 51 51 52 <screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/lib && … … 72 73 <title>Contents</title> 73 74 74 <para>The <application>GnuPG</application> package contains <command>gpg</command>, 75 <command>gpgsplit</command> and <command>gpgv</command>.</para> 75 <para>The <application>GnuPG</application> package contains 76 <command>gpg</command>, 77 <command>gpgsplit</command> and 78 <command>gpgv</command>.</para> 76 79 77 80 </sect2> -
postlfs/security/tripwire.xml
r2197589 re40cb61 19 19 <title>Introduction to <application>Tripwire</application></title> 20 20 21 <para>The <application>Tripwire</application> package contains the programs 22 used by <application>Tripwire</application> to verify the integrity of the 23 files on a given system.</para> 21 <para>The <application>Tripwire</application> package contains programs used 22 to verify the integrity of the files on a given system.</para> 24 23 25 24 <sect3><title>Package information</title> … … 38 37 <sect3><title>Additional downloads</title> 39 38 <itemizedlist spacing='compact'> 40 <listitem><para>Required patch to fix multiple build issues (see patch for more information): 41 <ulink url="&patch-root;/tripwire-&tripwire-version;-gcc3_build_fixes-1.patch"/></para></listitem> 39 <listitem><para>Required patch to fix multiple build issues (see patch for 40 more information): <ulink 41 url="&patch-root;/tripwire-&tripwire-version;-gcc3_build_fixes-1.patch"/></para></listitem> 42 42 </itemizedlist> 43 43 </sect3> … … 45 45 <sect3><title><application>Tripwire</application> dependencies</title> 46 46 <sect4><title>Optional</title> 47 <para> MTA(See <xref linkend="server-mail"/>)</para></sect4>47 <para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para></sect4> 48 48 </sect3> 49 49 … … 60 60 cp install/install.{sh,cfg} .</command></userinput></screen> 61 61 62 <para>The default configuration is to use a local MTA. If you don't have63 an MTA installed and have no wish to install one, modify64 <filename>install.cfg</filename> to use an SMTP server instead. 65 Install <application>Tripwire</application> by running the following66 commands:</para>62 <para>The default configuration is to use a local <acronym>MTA</acronym>. If 63 you don't have an <acronym>MTA</acronym> installed and have no wish to install 64 one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym> 65 server instead. Install <application>Tripwire</application> by running the 66 following commands:</para> 67 67 68 68 <screen><userinput><command>./install.sh && … … 91 91 92 92 <sect3><title>Config files</title> 93 <para><filename class="directory">/etc/tripwire</filename></para>93 <para><filename>/etc/tripwire/*</filename></para> 94 94 </sect3> 95 95 … … 97 97 98 98 <para><application>Tripwire</application> uses a policy file to determine which 99 files are integrity checked. The default policy file (<filename>twpol.txt100 </filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default99 files are integrity checked. The default policy file 100 (<filename>/etc/tripwire/twpol.txt</filename>) is for a default 101 101 installation of Redhat 7.0 and is woefully outdated.</para> 102 102 … … 104 104 individual distribution and/or installation. Some custom policy files can be 105 105 found below: </para> 106 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink> 106 107 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> 107 108 Checks integrity of all files 108 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt" >http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>109 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/> 109 110 Custom policy file for Base LFS 3.0 system 110 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt" >http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>111 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/> 111 112 Custom policy file for SuSE 7.2 system</screen> 112 113 … … 115 116 <filename>twpol.txt</filename>. It is, however, recommended that you make 116 117 your own policy file. Get ideas from the examples above and read 117 <filename> /usr/share/doc/tripwire/policyguide.txt</filename>.118 <filename>twpol.txt</filename> is a good policy file for beginners as it119 will note any changes to the file system and can even be used as an annoying120 way of keeping track of changes for uninstallation of software.</para>121 122 <para>After your policy file has been transferred to <filename123 class="directory">/etc/tripwire/</filename> you may begin the configuration124 steps:</para>118 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional 119 information. <filename>twpol.txt</filename> is a good policy file for beginners 120 as it will note any changes to the file system and can even be used as an 121 annoying way of keeping track of changes for uninstallation of software.</para> 122 123 <para>After your policy file has been transferred to 124 <filename class="directory">/etc/tripwire/</filename> you may begin the 125 configuration steps:</para> 125 126 126 127 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && … … 128 129 129 130 <para>During installation <application>Tripwire</application> will create two 130 (2) keys: a site key and a local key which will be stored in <filename 131 class="directory">/etc/tripwire/</filename>.</para>131 keys: a site key and a local key which are stored in 132 <filename class="directory">/etc/tripwire/</filename>.</para> 132 133 133 134 </sect3> 134 135 135 136 <sect3><title>Usage Information</title> 136 <para>To use <application>Tripwire</application> after this and run a report,137 use the following command:</para>137 <para>To use <application>Tripwire</application> after creating a policy file 138 to run a report, use the following command:</para> 138 139 139 140 <screen><userinput><command>tripwire -m c > /etc/tripwire/report.txt</command></userinput></screen> … … 141 142 <para>View the output to check the integrity of your files. An automatic 142 143 integrity report can be produced by using a cron facility to schedule 143 the runs. 144 the runs.</para> 144 145 145 146 <para>Please note that after you run an integrity check, you must examine … … 154 155 <application>Tripwire</application> database of your 155 156 system. Then, type in the following command making the appropriate 156 substitutions for '?':</para> 157 <screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen> 158 159 <para>You will be placed into vim with a copy of the report in front of you. If 160 all the changes were good, then just type <command>:x</command> and after 161 entering your local key, the database will be updated. If there are files which 162 you still want to be warned about, remove the x before the filename in 163 the report and type <command>:x</command>.</para> 157 substitutions for <replaceable>[?]</replaceable>:</para> 158 159 <screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen> 160 161 <para>You will be placed into <application>vim</application> with a copy of 162 the report in front of you. If all the changes were good, then just type 163 <command>:x</command> and after entering your local key, the database will be 164 updated. If there are files which you still want to be warned about, remove the 165 'x' before the filename in the report and type <command>:x</command>.</para> 164 166 165 167 </sect3> … … 170 172 use a new one, modify the policy file and then execute the following 171 173 commands:</para> 174 172 175 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt && 173 176 tripwire -m i</command></userinput></screen> … … 186 189 </sect2> 187 190 191 <sect2> 192 <title>Description</title> 193 194 <sect3> 195 <title>siggen</title> 196 <para><command>siggen</command> is a signature gathering utility that displays 197 the hash function values for the specified files.</para></sect3> 198 199 <sect3> 200 <title>tripwire</title> 201 <para><command>tripwire</command> is the main file integrity checking program. 202 </para></sect3> 203 204 <sect3> 205 <title>twadmin</title> 206 <para><command>twadmin</command> is <application>Tripwire</application>'s 207 administrative and utility tool used to perform certain administrative 208 functions related to <application>Tripwire</application> files and 209 configuration options.</para></sect3> 210 211 <sect3> 212 <title>twprint</title> 213 <para><command>twprint</command> prints <application>Tripwire</application> 214 database and report files in clear text format.</para></sect3> 215 216 </sect2> 217 188 218 </sect1> 189 219
Note:
See TracChangeset
for help on using the changeset viewer.