Re: [suse-security] Tripwire Config
package tripwire comes with a basic configuration file
/etc/tripwire/twcfg.txt, which sets the mandatory variables
to the defaults as described in the twconfig(4) manual
page. This configuration is merely enough to set tripwire
The following five steps can serve you as a quick cookbook for
setting tripwire to work.

1. Choose a convenient HOSTNAME and generate site and local keys using
     twadmin --generate-keys -L /etc/tripwire/HOSTNAME-local.key
     twadmin --generate-keys -S /etc/tripwire/site.key
   This creates the files named above as arguments.

2. Designate the configuration file with
     twadmin --create-cfgfile -S /etc/tripwire/site.key
   This creates file /etc/tripwire/tw.cfg.

3. Create a policy file. A complex example can be found in
   /usr/share/doc/packages/tripwire/twpol.txt. For test purposes,
   a single rule
     /bin -> $(ReadOnly); # the ending semicolon is mandatory
   or alike will do. Designate this with
     twadmin --create-polfile -S /etc/tripwire/site.key
   provided /etc/tripwire/twpol.txt is the name of your policy file.
   This creates file /etc/tripwire/tw.pol.

4. Generate a baseline database (snapshot of the objects residing on
   the system, according to the installed policy file) using
   This creates file /var/lib/tripwire/titan.twd.

5. You can check the system with
   This prints a report on the standard output and generates file
   /var/lib/tripwire/report/titan-YYYYMMDD-HHMMSS.twr. The report can
   be redisplayed using
     twprint --print-report -r

Hope this helps; you can email me directly if you like, I'm installing it now;

Sturgis, Grant wrote:
Sorry if this has been covered, I have googled a bit and haven't really come up with anything relevant.
Does anyone have a working Tripwire config for a SuSE 8.1 system? The SuSE 8.1 ships with Tripwire 1.2-597.
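
Step 3 above notes that the semicolon ending each policy rule is mandatory. The following pre-flight check is an added example, not part of the original message or of the tripwire package: it lists rule lines in a policy text file that lack the terminating semicolon, so they can be fixed before the policy is signed. The function names `check_twpol` and `sample_policy` are hypothetical, the sample policy is constructed, and the check assumes one rule per line with `#` always starting a comment.

```shell
#!/bin/sh
# Added example: lint a tripwire policy text file for rule lines
# ("object -> properties") that are missing the mandatory ';'.
# Assumptions: one rule per line; '#' always begins a comment.

# check_twpol FILE
# Prints "LINENO: original line" for every offending rule.
# Returns 0 when all rules are terminated, 1 otherwise.
check_twpol() {
    awk '
        BEGIN { bad = 0 }
        {
            code = $0
            sub(/#.*/, "", code)        # drop trailing comment
            sub(/[ \t]+$/, "", code)    # drop trailing whitespace
            # A rule line contains "->"; it must end with ";"
            if (code ~ /->/ && code !~ /;$/) {
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample policy: line 3 lacks the semicolon.
sample_policy() {
    cat <<'EOF'
# constructed sample policy
/bin -> $(ReadOnly);  # the ending semicolon is mandatory
/etc -> $(ReadOnly)   # semicolon forgotten
/sbin -> $(ReadOnly) ;
EOF
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
sample_policy > "$tmp"
if check_twpol "$tmp"; then
    echo "policy rules are all terminated"
else
    echo "fix the lines listed above before signing the policy"
fi
rm -f "$tmp"
```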