| field | value | date |
|---|---|---|
| author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 20:56:41 +0100 |
| committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 20:56:41 +0100 |
| commit | d87262dd706fec50cd150aab3e93883b6337466d (patch) | |
| tree | 246b44c33ad7a57550430b0a60fa0df86a3c9e68 /app-admin/tripwire/files | |
| parent | 71bc00c87bba1ce31de0dac6c3b7fd1aee6917fc (diff) | |
gentoo resync : 14.07.2018
Diffstat (limited to 'app-admin/tripwire/files')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | app-admin/tripwire/files/tripwire | 10 |
| -rw-r--r-- | app-admin/tripwire/files/tripwire.txt | 272 |
| -rw-r--r-- | app-admin/tripwire/files/twcfg.txt | 15 |

3 files changed, 0 insertions, 297 deletions
diff --git a/app-admin/tripwire/files/tripwire b/app-admin/tripwire/files/tripwire deleted file mode 100644 index 8f0f23f3e2d5..000000000000 --- a/app-admin/tripwire/files/tripwire +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -HOST_NAME=`uname -n` -if [ ! -e /var/lib/tripwire/${HOST_NAME}.twd ] ; then - echo "**** Error: Tripwire database for ${HOST_NAME} not found. ****" - echo "**** Check tripwire.txt file for instructions or install ****" - echo "**** app-admin/mktwpol package (if you used the \"tools\" ****" - echo "**** USE flag, this has been done for you already. ****" -else - test -f /etc/tripwire/tw.cfg && /usr/sbin/tripwire --check --quiet -fi diff --git a/app-admin/tripwire/files/tripwire.txt b/app-admin/tripwire/files/tripwire.txt deleted file mode 100644 index 4f47f8bd8196..000000000000 --- a/app-admin/tripwire/files/tripwire.txt +++ /dev/null 
@@ -1,272 +0,0 @@ -tripwire.txt v. 11 Sept 2013 - -Introduction to Tripwire, with Gentoo-specific installation information - -Tripwire software can monitor the integrity of critical system files and -directories by identifying specified changes made to selected system -files and directories. Configure Tripwire software to monitor your -system in the way that is best for you. - -Tripwire software works by comparing files and directories against a -defined baseline, stored in a tripwire-created database. Tripwire -generates the baseline by taking a "snapshot" of specified files and -directories. Tripwire software then compares the current system against -the baseline and reports modifications, additions, or deletions. Use -Tripwire software for system security, intrusion detection, damage -assessment, and recovery forensics. - - -To set-up Tripwire Configuration - -The Tripwire tarball installs the basic program files needed to run the -software. However, this installation does not prepare the configuration -files that Tripwire needs to perform correctly. After you install the -tripwire executable files and example configuration, you must: - -1. Review and perhaps edit the plain-text tripwire configuration file - (/etc/tripwire/twcfg.txt) with a text editor, if desired. - -2. Either run a configuration script (twsetup.sh from Gentoo's mktwpol - package, or tripwire-setup-keyfiles from Red Hat, or deprecated - twinstall.sh, also from Red Hat), or run the program `twadmin` with - the correct command line switches to make key files and encrypt/sign - the tripwire configuration file. 
- - Make site key file - ------------------ - `twadmin --generate-keys -S /etc/tripwire/site.key` - - Make local key file - ------------------- - `twadmin --generate-keys -L /etc/tripwire/$HOSTNAME-local.key` - - Make mandatory signed tripwire configuration file (tw.cfg) - ---------------------------------------------------------- - `twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt` - -Note: Once encrypted/signed, the configuration file, tw.cfg, must not be -renamed or moved. The plain-text tripwire configuration file (twcfg.txt) -should be deleted. It can be recreated with `twadmin --print-cfgfile` - -3. Make a plain-text policy file. The use of the name twpol.txt is - common, but the name of this file is not defined or used by Tripwire, - other than preparation of the encrypted/signed policy file. - - To make the plain-text policy file, either run a policy file generator - (for example, mktwpol.sh from Gentoo's mktwpol package), or edit the - plain-text policy file (twpol-GENERIC.txt, or twpol.txt, or similar) - with a text editor. The plain-text policy file should not refer to - any non-existent file or directory. - - If you edit twpol-GENERIC.txt to act as your plain-text policy file, - provide your system's HOSTNAME at line 61. If you don't provide - the correct HOSTNAME, a tripwire inspection of the target computer's - filesystem will fail to check the tripwire database file for changes. - - TWDB=/var/lib/tripwire/YOUR_HOSTNAME.twd; - -4. Convert the plain-text policy file into the encrypted/signed form - that tripwire will refer to as it examines the files on the target - computer's filesystem. The default filename for the encrypted/signed - policy file is defined in the tripwire configuration file (tw.cfg) - and is usually tw.pol. The encryption/signing of plain-text twpol.txt - is done with yet another `twadmin` command line. 
- - Make mandatory encrypted/signed system inspection policy file - -------------------------------------------------------------- - `twadmin -m P -c /etc/tripwire/tw.cfg /etc/tripwire/twpol.txt` - -Note: If you modify the plain-text policy file after running the -configuration script, you must re-sign the plain-text policy file before -initializing the database file. Tripwire baseline database creation and -inspections refer to the encrypted/signed policy file, not to the -plain-text policy file. - -Note: The plain-text tripwire policy file (twpol.txt) should be deleted. -It can be recreated with `twadmin --print-polfile` - -5. Initialize the Tripwire database file. - - Record current file attributes in the tripwire database - ------------------------------------------------------- - `tripwire --init -c /etc/tripwire/tw.cfg` - -Note: Tripwire might issue some "Warning: File system error" errors, -and appear to hang. But as long as it follows with "### Continuing...", -it is still working. - -6. Run the first integrity check. - - `tripwire --check -c /etc/tripwire/tw.cfg` - -Note: The use of "-c /etc/tripwire/tw.cfg" is not required if Tripwire -uses the default tripwire configuration directory and file names. If -you defer to tripwire default filenames, then updating a text policy -file into a tripwire database, and running an integrity check, can be -done with these commands: - - `twadmin --create-polfile /etc/tripwire/twpol.txt` - `tripwire --init` - `tripwire --check` - -Modifying the Policy File - -How Tripwire software checks your system is specified in the Tripwire -plain-text policy file (twpol.txt). A default policy file is included in -the Tripwire software installation. This policy file should be tailored -to fit your particular system. Tailoring the policy file is necessary -to take advantage of Tripwire software's ability to monitor changes on -your system. - -The plain-text policy file is usually located at /etc/tripwire/twpol.txt. 
-An example policy file (located at /etc/tripwire/twpol-GENERIC.txt, or -at /usr/share/doc/tripwire-VER#-REL#/policyguide.txt) is included to -help you learn the policy language. Read the sample policy files and -the comments in the sample policy file to learn the policy language. - -After you modify the plain-text policy file, don't forget! - - encrypt/sign using `twadmin --create-polfile /etc/tripwire/twpol.txt` - - -Selecting Passphrases - -Tripwire files are encrypted/signed using site or local keys. These keys -are protected by passphrases. When selecting passphrases, the following -recommendations apply: - -Use at least eight alphanumeric and symbolic characters for each -passphrase. The maximum length of a passphrase is 1023 characters. -Quotes should not be used as passphrase characters. - -Assign a unique passphrase for the site key. The site key passphrase -protects the site key, which is used to sign Tripwire software -configuration and policy files. Assign a unique passphrase for the local -key. The local key signs the Tripwire baseline database file. The local -key may sign the Tripwire report files also. - -Store the passphrases in a secure location. There is no way to remove -encryption from a signed file if you forget your passphrase and lost the -key files. If you forget the passphrases, the files are unusable. In -that case you must create new key files and the baseline database. - - -Initializing the Database - -In Database Initialization mode, Tripwire software builds a database of -filesystem objects based on the rules in the policy file. This database -serves as the baseline for integrity checks. The syntax for Database -Initialization mode is: - - `tripwire --init -c /etc/tripwire/tw.cfg` - - -Running an Integrity Check - -The Integrity Check mode compares the current file system objects with -their properties recorded in the Tripwire database. Violations are -printed to stdout. The report file is saved and can later be accessed by -twprint. 
An email option enables you to send email. The syntax for -Integrity Check mode is: - - `tripwire --check -c /etc/tripwire/tw.cfg` - - -Printing Reports - twprint Print Report Mode - -The twprint --print-report mode prints the contents of a Tripwire -report. If you do not specify a report with the --twrfile or -r -command-line argument, the default report file specified by the -configuration file REPORTFILE variable is used. - -Example: On a machine named LIGHTHOUSE, the command could be: - - `twprint -m r --twrfile LIGHTHOUSE-19990622-021212.twr` - - -Updating the Database after an Integrity Check - -Database Update mode enables you to update the Tripwire database after -an integrity check if you determine that the violations discovered are -valid. This update process saves time by enabling you to update the -database without having to re-initialize it. It also enables selective -updating, which cannot be done through re-initialization. The syntax for -Database Update mode is: - - `tripwire --update` - - -Updating the Policy File - -Change the way that Tripwire software scans the system by changing the -rules in the policy file. You can then update the database without a -complete re-initialization. This saves a significant amount of time and -preserves security by keeping the policy file synchronized with the -database it uses. The syntax for Policy Update mode is: - - `tripwire --update-policy` - - -Testing email functions - -Test mode tests the software's email notification system, using the -settings currently specified in the configuration file. The syntax for -Email Test Reporting mode is: - - `tripwire --test` - - -Tripwire Components - -The policy file begins as a text file containing comments, rules, -directives, and variables. These dictate the way Tripwire software -checks your system. Each rule in the policy file specifies a system -object to be monitored. Rules also describe which changes to the object -to report, and which to ignore. 
- -System objects are the files and directories you wish to monitor. Each -object is identified by an object name. A property refers to a single -characteristic of an object that Tripwire software can monitor. -Directives control conditional processing of sets of rules in a policy -file. During installation, the text policy file is encrypted/signed and -renamed, and becomes the active policy file. - -The database file is an important component of Tripwire software. When -first installed, Tripwire software uses the policy file rules to create -the database file. The database file is a baseline "snapshot" of the -system in a known secure state. Tripwire software compares this baseline -against the current system to determine what changes have occurred. This -is an integrity check. - -When you perform an integrity check, Tripwire software produces report -files. Report files summarize any changes that violated the policy file -rules during the integrity check. You can view the report file in a -variety of formats, at varying levels of detail. - -The Tripwire configuration file stores system-specific information, such -as the location of Tripwire data files. Tripwire software generates some -of the configuration file information during installation. The system -administrator can change parameters in the configuration file at any -time. The configuration file variables POLFILE, DBFILE, REPORTFILE, -SITEKEYFILE, and LOCALKEYFILE specify where the policy file, database -file, report files, and site and local key files reside. These variables -must be defined or the configuration file is invalid. If any of these -variables are undefined, an error occurs on execution of Tripwire -software and the program exits. - - -Tripwire Help - -All Tripwire commands support the help arguments. - -Example: To get help with Create Configuration File mode, type: - - `twadmin --help --create-cfgfile` - - -? 
Display usage and version information - --help Display all command modes - --help all Display help for all command modes - --help [mode] Display help for current command mode - --version Display version information - -We recommend you read the Tripwire Release Notes and README file. diff --git a/app-admin/tripwire/files/twcfg.txt b/app-admin/tripwire/files/twcfg.txt deleted file mode 100644 index 9cf39bcc01e4..000000000000 --- a/app-admin/tripwire/files/twcfg.txt +++ /dev/null @@ -1,15 +0,0 @@ -ROOT =/usr/sbin -POLFILE =/etc/tripwire/tw.pol -DBFILE =/var/lib/tripwire/$(HOSTNAME).twd -REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr -SITEKEYFILE =/etc/tripwire/site.key -LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key -EDITOR =/bin/nano -LATEPROMPTING =false -LOOSEDIRECTORYCHECKING =false -MAILNOVIOLATIONS =true -EMAILREPORTLEVEL =3 -REPORTLEVEL =3 -MAILMETHOD =SENDMAIL -SYSLOGREPORTING =false -MAILPROGRAM =/usr/lib/sendmail -oi -t |
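Review bot: deleting files/tripwire drops the cron wrapper that ran `/usr/sbin/tripwire --check --quiet` only when `/etc/tripwire/tw.cfg` exists, and because this diff is limited to app-admin/tripwire/files the ebuild that installed it is not visible here; confirm the resynced ebuild no longer references this file (or tripwire.txt and twcfg.txt) from FILESDIR, otherwise the package breaks at install time rather than merely losing the daily check. One behaviour of the deleted script that whatever replaces it should not repeat: the missing-database case printed an error, but a missing or unsigned tw.cfg made `test -f /etc/tripwire/tw.cfg && ...` skip the check silently, so no cron mail would ever indicate that integrity checking had stopped.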
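Review bot: removing tripwire.txt is consistent with the same diff removing the script that pointed users at it ("Check tripwire.txt file for instructions"), but the procedure it documented (site and local key generation with `twadmin --generate-keys -S` / `-L`, signing the configuration with `twadmin --create-cfgfile`, signing the policy with `twadmin --create-polfile`, then `tripwire --init` and `tripwire --check`) is what turns an installed package into one with a usable tw.cfg and baseline; check that the ebuild's postinst message or the remaining package documentation still covers these steps, since neither is in this diff. If the text is being replaced rather than dropped, the replacement should not inherit the "provide your system's HOSTNAME at line 61" reference into twpol-GENERIC.txt, which goes stale as soon as that sample file is edited.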
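Review bot: twcfg.txt held the Gentoo-specific operational defaults (DBFILE =/var/lib/tripwire/$(HOSTNAME).twd, REPORTFILE under /var/lib/tripwire/report/, LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key, MAILPROGRAM =/usr/lib/sendmail -oi -t, EDITOR =/bin/nano, LOOSEDIRECTORYCHECKING =false, SYSLOGREPORTING =false, MAILNOVIOLATIONS =true); the DBFILE path here is the same one the deleted cron script hard-coded in its existence check, so whatever supplies the configuration after this resync must either keep these paths or stop assuming them elsewhere. The detection-relevant settings deserve a deliberate decision rather than silent inheritance: LOOSEDIRECTORYCHECKING =false keeps directory-level changes reported, and SYSLOGREPORTING =false means check results never reach syslog, which a host forwarding logs to a central collector would want set to true.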