[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Tripwire Config

package tripwire comes with a basic configuration file
/etc/tripwire/twcfg.txt, which sets the mandatory variables
to the defaults as described in the twconfig(4) manual
page. This configuration is merely enough to set tripwire
to work.

The following five steps can serve you as a quick cookbook for
setting tripwire to work.

1. Choose a convenient HOSTNAME and generate site and local keys using

     twadmin --generate-keys -L /etc/tripwire/HOSTNAME-local.key
     twadmin --generate-keys -S /etc/tripwire/site.key

This creates the files named above as arguments.

2. Designate the configuration file with

twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

This creates file /etc/tripwire/tw.cfg.

3. Create a policy file. A complex example can be found in
   /usr/share/doc/packages/tripwire/twpol.txt. For test purposes,
   a single rule

/bin -> $(ReadOnly); # the ending semicolon is mandatory

or alike will do. Designate this with

twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt

   provided /etc/tripwire/twpol.txt is the name of your policy file.
   This creates file /etc/tripwire/tw.pol.

4. Generates a baseline database (snapshot of the objects residing on
   the system, according to the installed policy file) using

tripwire --init

This creates file /var/lib/tripwire/titan.twd.

5. You can check the system with

tripwire --check

   This prints a report on the standard output and generates file
   /var/lib/tripwire/report/titan-YYYYMMDD-HHMMSS.twr. The report can
   be redisplayed using

twprint --print-report -r /var/lib/tripwire/report/titan-YYYYMMDD-HMMSS.twr

Hope this helps; You email me direct if you like, I'm installing it now;


Sturgis, Grant wrote:
Greetings All,

Sorry if this has been covered, I have googled a bit and haven't really come up with anything relevant.

Does anyone have a working Tripwire config for a SuSE 8.1 system? The SuSE 8.1 ships with Tripwire 1.2-597.



This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the
sender of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here