Difference between revisions of "Tripwire"
From Alessandro's Wiki
Latest revision as of 08:07, 22 September 2011
- tripwire is a security tool to check for modified system files.
configuration / installation
installing from repositories
- debian based
apt-get install tripwire
- red-hat based
yum install tripwire
- gentoo
emerge app-admin/tripwire
first run
- first install:
/etc/tripwire/twinstall.sh
- if twcfg.txt has been modified, regenerate the signed file:
twadmin -m P /etc/tripwire/twpol.txt
- Generate database with passwords:
tripwire -m i
- edit config file:
vi /etc/tripwire/twcfg.txt
- change this to false at first run. Put it back to true after directory rescan.
LOOSEDIRECTORYCHECKING =true
- edit policy file:
vi /etc/tripwire/twpol.txt
- adapt policy to the system:
tripwire --update-policy -Z low /etc/tripwire/twpol.txt
gentoo specific
- here is a BASH script to generate the configuration from installed packages:
https://34662.bugs.gentoo.org/attachment.cgi?id=269983
- run it like this:
cd /etc/tripwire
wget -O gentoo_generate.sh 'https://34662.bugs.gentoo.org/attachment.cgi?id=269983'
chmod +x gentoo_generate.sh
./gentoo_generate.sh > twpol.txt
... from this post: https://bugs.gentoo.org/34662?id=34662
... from this wiki http://en.gentoo-wiki.com/wiki/Tripwire
- initial database cleaning: prune non-existent files from the policy
cd /etc/tripwire
tripwire --init 2> stufftoprune
- convert list to only filenames
grep Filename stufftoprune | awk '{print $3}' > filestoprune
- comment out the lines for those filenames in the policy file
cat filestoprune | xargs -i perl -pi.bak -e 's!\A(\s+){}\b!\1#{}!g' /etc/tripwire/twpol.txt
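The pruning step above, written out as an added example (it is not the wiki's own script and not part of Tripwire): the first function pulls the paths out of the "### Filename: /path" warnings that tripwire --init writes to stderr, the second comments out the matching policy lines. Unlike the perl one-liner it matches the whole first token of each rule instead of using the path as a regex, so paths containing "." or other metacharacters cannot accidentally match other entries, and it writes the result to stdout rather than editing twpol.txt in place. The sample stderr and policy used in the usage comment are constructed.

```shell
#!/bin/sh
# Added example, not the wiki's script. Assumes the "### Filename: /path"
# warning format that `tripwire --init` prints for missing files.

# Print one path per line for every "### Filename:" warning in the captured
# stderr of `tripwire --init` ($1: file holding that stderr).
extract_missing_paths() {
    grep '^### Filename:' "$1" | awk '{print $3}'
}

# Comment out every policy line whose first token is a path in the prune list.
# $1: policy file (e.g. /etc/tripwire/twpol.txt)
# $2: file with one path per line (e.g. filestoprune)
# Output goes to stdout; leading indentation of each rule is preserved.
prune_policy() {
    awk -v listfile="$2" '
        BEGIN {
            # load the prune list into an associative array (exact-path lookup)
            while ((getline p < listfile) > 0) if (p != "") missing[p] = 1
        }
        {
            # $1 is the first non-blank token, i.e. the path in a rule such as
            #   /usr/sbin/foo   -> $(SEC_BIN) ;
            if ($1 in missing) {
                match($0, /^[ \t]*/)
                print substr($0, 1, RLENGTH) "#" substr($0, RLENGTH + 1)
            } else {
                print
            }
        }' "$1"
}

# usage (constructed paths, not from a real system):
#   tripwire --init 2> stufftoprune
#   extract_missing_paths stufftoprune > filestoprune
#   prune_policy /etc/tripwire/twpol.txt filestoprune > twpol.new
#   diff twpol.txt twpol.new && mv twpol.new twpol.txt   # review before replacing
```

Re-sign the policy after replacing twpol.txt, as in the first-run steps above, otherwise Tripwire keeps using the old signed policy.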