Changeset fb3d3afd for postlfs/security
- Timestamp:
- 04/21/2008 01:53:35 AM (16 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- c9d91e8a
- Parents:
- 81066706
- File:
-
- 1 edited
postlfs/security/tripwire.xml
r81066706 rfb3d3afd 5 5 %general-entities; 6 6 7 <!-- Inserted as a reminder to do this. The mention of a test suite8 is usually right before the root user installation commands. Please9 delete these 12 (including one blank) lines after you are done.-->10 11 <!-- Use one of the two mentions below about a test suite,12 delete the line that is not applicable. Of course, if the13 test suite uses syntax other than "make check", revise the14 line to reflect the actual syntax to run the test suite -->15 16 <!-- <para>This package does not come with a test suite.</para> -->17 <!-- <para>To test the results, issue: <command>make check</command>.</para> -->18 19 7 <!ENTITY tripwire-download-http "http://downloads.sourceforge.net/tripwire/tripwire-&tripwire-version;-src.tar.bz2"> 20 8 <!ENTITY tripwire-download-ftp " "> 21 <!ENTITY tripwire-md5sum " b371f79ac23cacc9ad40b1da76b4a0c4">22 <!ENTITY tripwire-size " 1.2 MB">23 <!ENTITY tripwire-buildsize " 37MB">9 <!ENTITY tripwire-md5sum "1147c278b528ed593023912c4b649a"> 10 <!ENTITY tripwire-size "700 KB"> 11 <!ENTITY tripwire-buildsize "28 MB"> 24 12 <!ENTITY tripwire-time "1.6 SBU"> 25 13 ]> … … 67 55 </itemizedlist> 68 56 69 <bridgehead renderas="sect3">Additional Downloads</bridgehead>70 <itemizedlist spacing="compact">71 <listitem>72 <para>Required patch:73 <ulink url="&patch-root;/tripwire-&tripwire-version;-gcc4_build_fixes-1.patch"/>74 </para>75 </listitem>76 </itemizedlist>77 78 57 <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead> 79 58 … … 96 75 commands:</para> 97 76 98 <screen><userinput>ln -s contrib install && 99 patch -Np1 -i ../tripwire-&tripwire-version;-gcc4_build_fixes-1.patch && 100 sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg && 77 <screen><userinput>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg && 101 78 ./configure --prefix=/usr --sysconfdir=/etc/tripwire && 102 79 make</userinput></screen> … … 107 84 server instead. 
Otherwise the install will fail.</para></warning> 108 85 86 <para>This package does not come with a test suite.</para> 87 109 88 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 110 89 111 90 <screen role="root"><userinput>make install && 112 cp -v policy/*.txt /usr/ share/doc/tripwire</userinput></screen>91 cp -v policy/*.txt /usr/doc/tripwire</userinput></screen> 113 92 114 93 </sect2> … … 116 95 <sect2 role="commands"> 117 96 <title>Command Explanations</title> 118 119 <para><command>ln -s contrib install</command>: This command creates120 a symbolic link in the build directory needed for installation.</para>121 97 122 98 <para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' … … 130 106 stored in <filename class="directory">/etc/tripwire/</filename>.</para> 131 107 132 <para><command>cp -v policy/*.txt /usr/share/doc/tripwire</command>: This 133 command installs the documentation.</para> 108 <para><command>cp -v policy/*.txt /usr/doc/tripwire</command>: This command 109 installs the <application>tripwire</application> sample policy files with 110 the other <application>tripwire</application> documentation.</para> 134 111 135 112 </sect2> … … 155 132 determine which files are integrity checked. The default policy 156 133 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a 157 default Redhatinstallation and will need to be updated for your134 default installation and will need to be updated for your 158 135 system.</para> 159 136 160 <para>Policy files should be tailored to each individual distribution 161 and/or installation. 
Some custom policy files can be found below:</para> 162 163 <literallayout><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> 164 Checks integrity of all files 165 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/> 166 Custom policy file for Base LFS 3.0 system 167 <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/> 168 Custom policy file for SuSE 7.2 system</literallayout> 169 170 <para>Download the custom policy file you'd like to try, copy it into 171 <filename class="directory">/etc/tripwire/</filename>, and use it instead 172 of <filename>twpol.txt</filename>. It is, however, recommended that you 173 make your own policy file. Get ideas from the examples above and read 174 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for 175 additional information. <filename>twpol.txt</filename> is a good policy 176 file for beginners as it will note any changes to the file system and can 177 even be used as an annoying way of keeping track of changes for 178 uninstallation of software.</para> 179 180 <para>After your policy file has been transferred to 181 <filename class="directory">/etc/tripwire/</filename> you may begin 182 the configuration steps (perform as the 183 <systemitem class='username'>root</systemitem>):</para> 137 <para>Policy files should be tailored to each individual distribution 138 and/or installation. Some example policy files can be found in <filename 139 class="directory">/usr/doc/tripwire/</filename> (Note that <filename 140 class="directory">/usr/doc/</filename> is a symbolic link on LFS systems 141 to <filename class="directory">/usr/share/doc/</filename>).</para> 142 143 <para>If desired, copy the policy file you'd like to try into <filename 144 class="directory">/etc/tripwire/</filename> instead of using the default 145 policy file, <filename>twpol.txt</filename>. It is, however, recommended 146 that you edit your policy file. 
Get ideas from the examples above and 147 read <filename>/usr/doc/tripwire/policyguide.txt</filename> for 148 additional information. <filename>twpol.txt</filename> is a good policy 149 file for learning about <application>Tripwire</application> as it will 150 note any changes to the file system and can even be used as an annoying 151 way of keeping track of changes for uninstallation of software.</para> 152 153 <para>After your policy file has been edited to your satisfaction you may 154 begin the configuration steps (perform as the <systemitem 155 class='username'>root</systemitem>):</para> 184 156 185 157 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ … … 187 159 tripwire --init</userinput></screen> 188 160 161 <para>Depending on your system and the contents of the policy file, the 162 initialization phase above can take a relatively long time.</para> 163 189 164 </sect3> 190 165 … … 192 167 <title>Usage Information</title> 193 168 194 <para>To use <application>Tripwire</application> after creating a policy 195 file to run a report, use the following command:</para> 169 <para><application>Tripwire</application> will identify file changes in 170 the critical system files specified in the policy file. Using 171 <application>Tripwire</application> while making frequent changes to 172 these directories will flag all these changes. It is most useful after a 173 system has reached a configuration that the user considers stable.</para> 174 175 <para>To use <application>Tripwire</application> after creating a policy 176 file to run a report, use the following command:</para> 196 177 197 178 <screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen> 198 179 199 <para>View the output to check the integrity of your files. 
An automatic 200 integrity report can be produced by using a cron facility to schedule 201 the runs.</para> 202 203 <para>Please note that after you run an integrity check, you must 204 examine the report (or email) and then modify the 205 <application>Tripwire</application> database to reflect the changed 206 files on your system. This is so that <application>Tripwire</application> 207 will not continually notify you that files you intentionally changed are 208 a security violation. To do this you must first <command>ls -l 209 /var/lib/tripwire/report/</command> and note the name of the newest file 210 which starts with <filename>linux-</filename> and ends in 211 <filename>.twr</filename>. This encrypted file was created during the 212 last report creation and is needed to update the 213 <application>Tripwire</application> database of your system. Then, as the 214 <systemitem class='username'>root</systemitem> user, type 215 in the following command making the appropriate substitutions for 216 <replaceable><?></replaceable>:</para> 217 218 <screen role="root"><userinput>tripwire --update -twrfile \ 219 /var/lib/tripwire/report/linux-<replaceable><???????></replaceable>-<replaceable><??????></replaceable>.twr</userinput></screen> 180 <para>View the output to check the integrity of your files. An automatic 181 integrity report can be produced by using a cron facility to schedule the 182 runs.</para> 183 184 <para>Reports are stored in binary and, if desired, encrypted. View reports, 185 as the <systemitem class="username">root</systemitem> user, with:</para> 186 187 <screen role="root">twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></screen> 188 189 <para>After you run an integrity check, you should examine the 190 report (or email) and then modify the <application>Tripwire</application> 191 database to reflect the changed files on your system. 
This is so that 192 <application>Tripwire</application> will not continually notify you that 193 files you intentionally changed are a security violation. To do this you 194 must first <command>ls -l /var/lib/tripwire/report/</command> and note 195 the name of the newest file which starts with your system name as 196 presented by the command <userinput>uname -n</userinput> 197 and ends in <filename>.twr</filename>. These files were created 198 during report creation and the most current one is needed to update the 199 <application>Tripwire</application> database of your system. As the 200 <systemitem class='username'>root</systemitem> user, type in the 201 following command making the appropriate report name:</para> 202 203 <screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 220 204 221 205 <para>You will be placed into <application>vim</application> with a copy … … 226 210 <command>:x</command>.</para> 227 211 228 229 212 <para>A good summary of tripwire operations can be found at 230 213 <ulink url="http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-tripwire.html"/>.</para> … … 255 238 256 239 <seglistitem> 257 <seg>siggen, tripwire, twadmin, and twprint .</seg>240 <seg>siggen, tripwire, twadmin, and twprint</seg> 258 241 <seg>None</seg> 259 <seg>/etc/tripwire, / usr/share/doc/tripwire, and /var/lib/tripwire</seg>242 <seg>/etc/tripwire, /var/lib/tripwire, and /usr/share/doc/tripwire</seg> 260 243 </seglistitem> 261 244 </segmentedlist>
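Review bot: The new tripwire-md5sum value in the entity block at the top of tripwire.xml, "1147c278b528ed593023912c4b649a", is 30 hex digits as shown, while an MD5 digest is 32 (the removed value had 32). Please recompute the digest from the tripwire-&tripwire-version;-src.tar.bz2 tarball and commit the full value, otherwise a reader's checksum verification of the download will fail.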
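Review bot: In the build commands, the sed still edits install/install.cfg, but the "ln -s contrib install" step that created the install directory is dropped together with its Command Explanations entry. Please confirm the new tarball provides install/ on its own; if it does not, the sed fails and the && chain stops before ./configure.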
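Review bot: The destination in "cp -v policy/*.txt /usr/doc/tripwire" (root install commands, and the matching Command Explanations entry) only resolves through the /usr/doc symbolic link, which the page does not mention until the policy file paragraph further down, and the installed directories list still names /usr/share/doc/tripwire. I would keep /usr/share/doc/tripwire in the command, or move the symlink note next to it, so that the command, its explanation and the contents list agree.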
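Review bot: In the rewritten policy paragraphs, "copy the policy file you'd like to try into /etc/tripwire/ instead of using the default policy file, twpol.txt" does not say what name the copied file needs so that the twadmin --create-polfile command that follows picks it up. Please state the expected file name or tell the reader to adjust that command. In the same hunk, dropping "Redhat" leaves "is for a default installation" without saying a default installation of what.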
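Review bot: The added twprint --print-report screen in Usage Information has role="root" but no userinput wrapper, unlike the other command screens shown in this file; please wrap the command so it is marked up consistently. In the paragraph before the tripwire --update command, "type in the following command making the appropriate report name" is missing words; "substituting the appropriate report name" would read correctly.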