Re: How do I use tripwire?

From: Peter D. (psd_at_home.invalid)
Date: 09/02/05

    Date: Fri, 02 Sep 2005 18:18:31 +1000
    
    

    Proteus wrote in alt.os.linux.mandriva:

    > Can anybody guide me on getting started with using tripwire? I
    > installed it using urpmi. Not sure what to do now.
    [snip]

    Read the documentation; most of what you need is here:

    ,----[ /home/psd/tripwire.sh ]
    | # Files tested by the data base step at the end.
    | pol_file=/etc/tripwire/tw.pol
    | db_file=/var/lib/tripwire/$(uname -n).twd
    |
    | if [ "localhost" = "$(hostname)" ] ; then
    |     echo fix host name
    |     # works whether this file is sourced or executed
    |     return 1 2>/dev/null || exit 1
    | fi
    |
    | if [ ! -f /etc/tripwire/tw.cfg ] ; then
    |     echo
    |     echo installing tripwire
    |     urpmi --verify-rpm --auto tripwire
    |     /etc/tripwire/twinstall.sh
    | fi
    | cd /etc/tripwire
    | #mv twpol.txt twpol.txt.orig
    | # edit /etc/tripwire/twcfg.txt to suit
    | if [ twcfg.txt -nt tw.cfg ] ; then
    |     twadmin --create-cfgfile --cfgfile tw.cfg \
    |         --site-keyfile site.key twcfg.txt
    | fi
    | # Policy file.
    | # edit /etc/tripwire/twpol.txt
    | if [ twpol.txt -nt tw.pol ] ; then
    |     # avoid raising a creation error on tw's own data bases
    |     # touch /var/lib/tripwire/$(HOSTNAME).twd
    |     # *before* updating $pol_file
    |     touch /var/lib/tripwire/$(uname -n).twd
    |     twadmin --create-polfile \
    |         --polfile tw.pol \
    |         twpol.txt
    |     # remove plain text file if paranoid
    |     # /bin/rm twpol.txt
    | fi
    |
    | # Data base file: (re)build it if missing or older than the policy
    | if [ ! -f "$db_file" ] || [ "$pol_file" -nt "$db_file" ] ; then
    |     /usr/sbin/tripwire \
    |         --init \
    |         --polfile "$pol_file" \
    |         --dbfile "$db_file"
    | fi
    | # look at /etc/cron.daily/tripwire-check
    `----

    Don't forget to edit the various files in /etc/tripwire.
    Set up cron to run tripwire when the machine is not busy.
    Set up anacron to run tripwire when the machine is turned
    on (if it missed the cron job in the middle of the night).

    You will probably want to play with
    "nice tripwire -m c -I" a few times. Be warned, it is slow.

    -- 
    Peter D.
    Sig goes here...
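
An added example, not part of the original post: a wrapper of the kind a daily cron or anacron job could run, which runs the check under nice and turns tripwire's exit status into a one-line summary. The paths are the ones used in the script above; the function names are hypothetical, and the exit-status bit mask is the one documented in tripwire(8).

```shell
#!/bin/sh
# Added example: daily integrity-check wrapper, e.g. for /etc/cron.daily.
# Paths come from the post above; function names are hypothetical.
TRIPWIRE=/usr/sbin/tripwire
DB_FILE="/var/lib/tripwire/$(uname -n).twd"

# Decode the exit status of "tripwire --check". tripwire(8) documents it
# as a bit mask: 1 = added, 2 = removed, 4 = modified, 8 = error.
tw_decode_status() {
    status=$1
    summary=""
    [ $(( status & 1 )) -ne 0 ] && summary="$summary added"
    [ $(( status & 2 )) -ne 0 ] && summary="$summary removed"
    [ $(( status & 4 )) -ne 0 ] && summary="$summary modified"
    [ $(( status & 8 )) -ne 0 ] && summary="$summary error"
    echo "${summary:-clean}" | sed 's/^ //'
}

run_check() {
    # Without a baseline there is nothing to compare against.
    if [ ! -f "$DB_FILE" ]; then
        echo "tripwire: no database at $DB_FILE, run 'tripwire --init' first"
        return 8
    fi
    # The check is slow, so run it at low priority.
    report=$(nice "$TRIPWIRE" --check 2>&1)
    rc=$?
    result=$(tw_decode_status "$rc")
    # Stay silent on a clean run; cron mails whatever a job prints.
    if [ "$result" != "clean" ]; then
        echo "tripwire on $(uname -n): $result (exit status $rc)"
        echo "$report"
    fi
    return "$rc"
}

# Only run where tripwire is actually installed.
if [ -x "$TRIPWIRE" ]; then
    run_check
fi
```
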
    
