Changeset e40cb61 for postlfs


Ignore:
Timestamp:
07/01/2004 03:36:22 AM (20 years ago)
Author:
Randy McMurchy <randy@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
359e1043
Parents:
2197589
Message:

Minor clean-up to GnuPG and Tripwire

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2405 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:
postlfs/security
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • postlfs/security/gnupg.xml

    r2197589 re40cb61  
    2020
    2121<para>The <application>GnuPG</application> package contains a public/private
    22 key encryptor. This is
    23 becoming useful for signing files or emails as proof of identity and
    24 preventing tampering with contents of the file or email.</para>
     22key encryptor. This is becoming useful for signing files or emails as proof
     23of identity and preventing tampering with contents of the file or email.</para>
    2524
    2625<sect3><title>Package information</title>
     
    3938<sect3><title><application>GnuPG</application> dependencies</title>
    4039<sect4><title>Optional</title>
    41 <para><xref linkend="openldap"/></para></sect4>
     40<para><xref linkend="openldap"/> and
     41<ulink url="../server/mail.html">MTA</ulink></para></sect4>
    4242</sect3>
    4343
     
    4747<title>Installation of <application>GnuPG</application></title>
    4848
    49 <para>Install <application>GnuPG</application> by running the following commands:</para>
     49<para>Install <application>GnuPG</application> by running the following
     50commands:</para>
    5051
    5152<screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/lib &amp;&amp;
     
    7273<title>Contents</title>
    7374
    74 <para>The <application>GnuPG</application> package contains <command>gpg</command>,
    75 <command>gpgsplit</command> and <command>gpgv</command>.</para>
     75<para>The <application>GnuPG</application> package contains
     76<command>gpg</command>,
     77<command>gpgsplit</command> and
     78<command>gpgv</command>.</para>
    7679
    7780</sect2>

  • postlfs/security/tripwire.xml

    r2197589 re40cb61  
    1919<title>Introduction to <application>Tripwire</application></title>
    2020
    21 <para>The <application>Tripwire</application> package contains the programs
    22 used by <application>Tripwire</application> to verify the integrity of the
    23 files on a given system.</para>
     21<para>The <application>Tripwire</application> package contains programs used
     22to verify the integrity of the files on a given system.</para>
    2423
    2524<sect3><title>Package information</title>
     
    3837<sect3><title>Additional downloads</title>
    3938<itemizedlist spacing='compact'>
    40 <listitem><para>Required patch to fix multiple build issues (see patch for more information):
    41 <ulink url="&patch-root;/tripwire-&tripwire-version;-gcc3_build_fixes-1.patch"/></para></listitem>
     39<listitem><para>Required patch to fix multiple build issues (see patch for
     40more information): <ulink
     41url="&patch-root;/tripwire-&tripwire-version;-gcc3_build_fixes-1.patch"/></para></listitem>
    4242</itemizedlist>
    4343</sect3>
     
    4545<sect3><title><application>Tripwire</application> dependencies</title>
    4646<sect4><title>Optional</title>
    47 <para>MTA (See <xref linkend="server-mail"/>)</para></sect4>
     47<para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para></sect4>
    4848</sect3>
    4949
     
    6060cp install/install.{sh,cfg} .</command></userinput></screen>
    6161
    62 <para>The default configuration is to use a local MTA. If you don't have
    63 an MTA installed and have no wish to install one, modify
    64 <filename>install.cfg</filename> to use an SMTP server instead.
    65 Install <application>Tripwire</application> by running the following
    66 commands:</para>
     62<para>The default configuration is to use a local <acronym>MTA</acronym>. If
     63you don't have an <acronym>MTA</acronym> installed and have no wish to install
     64one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym>
     65server instead. Install <application>Tripwire</application> by running the
     66following commands:</para>
    6767
    6868<screen><userinput><command>./install.sh &amp;&amp;
     
    9191
    9292<sect3><title>Config files</title>
    93 <para><filename class="directory">/etc/tripwire</filename></para>
     93<para><filename>/etc/tripwire/*</filename></para>
    9494</sect3>
    9595
     
    9797
    9898<para><application>Tripwire</application> uses a policy file to determine which
    99 files are integrity checked. The default policy file (<filename>twpol.txt
    100 </filename> found in <filename class="directory">/etc/tripwire/</filename>) is for a default
     99files are integrity checked. The default policy file
     100(<filename>/etc/tripwire/twpol.txt</filename>) is for a default
    101101installation of Redhat 7.0 and is woefully outdated.</para>
    102102
     
    104104individual distribution and/or installation. Some custom policy files can be
    105105found below: </para>
    106 <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt</ulink>
     106
     107<screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
    107108Checks integrity of all files
    108 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt</ulink>
     109<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/>
    109110Custom policy file for Base LFS 3.0 system
    110 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt">http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt</ulink>
     111<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/>
    111112Custom policy file for SuSE 7.2 system</screen>
    112113
     
    115116<filename>twpol.txt</filename>. It is, however, recommended that you make
    116117your own policy file. Get ideas from the examples above and read
    117 <filename> /usr/share/doc/tripwire/policyguide.txt</filename>.
    118 <filename>twpol.txt</filename> is a good policy file for beginners as it
    119 will note any changes to the file system and can even be used as an annoying
    120 way of keeping track of changes for uninstallation of software.</para>
    121 
    122 <para>After your policy file has been transferred to <filename
    123 class="directory">/etc/tripwire/</filename> you may begin the configuration
    124 steps:</para>
     118<filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional
     119information. <filename>twpol.txt</filename> is a good policy file for beginners
     120as it will note any changes to the file system and can even be used as an
     121annoying way of keeping track of changes for uninstallation of software.</para>
     122
     123<para>After your policy file has been transferred to
     124<filename class="directory">/etc/tripwire/</filename> you may begin the
     125configuration steps:</para>
    125126
    126127<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
     
    128129
    129130<para>During installation <application>Tripwire</application> will create two
    130 (2) keys: a site key and a local key which will be stored in <filename
    131 class="directory">/etc/tripwire/</filename>.</para>
     131keys: a site key and a local key which are stored in
     132<filename class="directory">/etc/tripwire/</filename>.</para>
    132133
    133134</sect3>
    134135
    135136<sect3><title>Usage Information</title>
    136 <para>To use <application>Tripwire</application> after this and run a report,
    137 use the following command:</para>
     137<para>To use <application>Tripwire</application> after creating a policy file
     138to run a report, use the following command:</para>
    138139
    139140<screen><userinput><command>tripwire -m c &gt; /etc/tripwire/report.txt</command></userinput></screen>
     
    141142<para>View the output to check the integrity of your files. An automatic
    142143integrity report can be produced by using a cron facility to schedule
    143 the runs. </para>
     144the runs.</para>
    144145
    145146<para>Please note that after you run an integrity check, you must examine
     
    154155<application>Tripwire</application> database of your
    155156system. Then, type in the following command making the appropriate
    156 substitutions for '?':</para>
    157 <screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr </command></userinput></screen>
    158 
    159 <para>You will be placed into vim with a copy of the report in front of you. If
    160 all the changes were good, then just type <command>:x</command> and after
    161 entering your local key, the database will be updated. If there are files which
    162 you still want to be warned about, remove the x before the filename in
    163 the report and type <command>:x</command>.</para>
     157substitutions for <replaceable>[?]</replaceable>:</para>
     158
     159<screen><userinput><command>tripwire -m u -r /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen>
     160
     161<para>You will be placed into <application>vim</application> with a copy of
     162the report in front of you. If all the changes were good, then just type
     163<command>:x</command> and after entering your local key, the database will be
     164updated. If there are files which you still want to be warned about, remove the
     165'x' before the filename in the report and type <command>:x</command>.</para>
    164166
    165167</sect3>
     
    170172use a new one, modify the policy file and then execute the following
    171173commands:</para>
     174
    172175<screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
    173176tripwire -m i</command></userinput></screen>
     
    186189</sect2>
    187190
     191<sect2>
     192<title>Description</title>
     193
     194<sect3>
     195<title>siggen</title>
     196<para><command>siggen</command> is a signature gathering utility that displays
     197the hash function values for the specified files.</para></sect3>
     198
     199<sect3>
     200<title>tripwire</title>
     201<para><command>tripwire</command> is the main file integrity checking program.
     202</para></sect3>
     203
     204<sect3>
     205<title>twadmin</title>
     206<para><command>twadmin</command> is <application>Tripwire</application>'s
     207administrative and utility tool used to perform certain administrative
     208functions related to <application>Tripwire</application> files and
     209configuration options.</para></sect3>
     210
     211<sect3>
     212<title>twprint</title>
     213<para><command>twprint</command> prints <application>Tripwire</application>
     214database and report files in clear text format.</para></sect3>
     215
     216</sect2>
     217
    188218</sect1>
    189219
Note: See TracChangeset for help on using the changeset viewer.