Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
}
# Critical devices
(emailto = admin@openarch.com, rulename = "Critical devices", severity = $(SIG_HI), recurse = false)
{
/dev/kmem -> $(Device) ;
/dev/mem -> $(Device) ;
/dev/null -> $(Device) ;
/dev/zero -> $(Device) ;
/proc/devices -> $(Device) ;
/proc/net -> $(Device) ;
/proc/tty -> $(Device) ;
/proc/sys -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
/proc/modules -> $(Device) ;
/proc/mounts -> $(Device) ;
/proc/dma -> $(Device) ;
/proc/filesystems -> $(Device) ;
/proc/ide -> $(Device) ;
/proc/interrupts -> $(Device) ;
/proc/ioports -> $(Device) ;
/proc/scsi -> $(Device) ;
/proc/kcore -> $(Device) ;
/proc/self -> $(Device) ;
/proc/kmsg -> $(Device) ;
/proc/stat -> $(Device) ;
/proc/ksyms -> $(Device) ;
/proc/loadavg -> $(Device) ;
/proc/uptime -> $(Device) ;
/proc/locks -> $(Device) ;
/proc/version -> $(Device) ;
/proc/meminfo -> $(Device) ;
/proc/cmdline -> $(Device) ;
/proc/misc -> $(Device) ;
}
NOTE: This is an example policy file that we provide; you must modify it to fit your
system files and specific needs.
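As an added example (not part of the original book), the following Python script lists the objects named in a policy text that do not exist on the host, which helps when adapting the example policy to your own system before installing it. The function names and the shortened sample policy are constructed for illustration, and the parser only handles the one-line `object -> mask ;` rule form used above.

```python
import os
import re

# Constructed sample: a shortened copy of the "Critical devices" rule above.
SAMPLE_POLICY = '''
# Critical devices
(emailto = admin@openarch.com, rulename = "Critical devices", severity = $(SIG_HI), recurse = false)
{
/dev/kmem -> $(Device) ;
/proc/scsi -> $(Device) ;
/proc/cpuinfo -> $(Device) ;
}
'''

# object name (optionally quoted), "->", property mask, terminating ";"
RULE = re.compile(r'^("[^"]+"|/\S*)\s*->\s*([^;]+?)\s*;')
RULENAME = re.compile(r'rulename\s*=\s*"([^"]*)"')

def parse_rules(text):
    """Return (rulename, path, mask) for every 'object -> mask ;' line."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # assumption: no '#' inside paths
        if not line:
            continue
        if line.startswith('('):             # attribute line before a rule block
            found = RULENAME.search(line)
            current = found.group(1) if found else None
        elif line == '}':                    # end of the rule block
            current = None
        else:
            rule = RULE.match(line)
            if rule:
                rules.append((current, rule.group(1).strip('"'), rule.group(2)))
    return rules

def missing_objects(text, exists=os.path.lexists):
    """Return (rulename, path) for policy objects absent from this host."""
    return [(name, path) for name, path, _ in parse_rules(text)
            if not exists(path)]

if __name__ == '__main__':
    # Replace SAMPLE_POLICY with the contents of your own twpol.txt.
    for name, path in missing_objects(SAMPLE_POLICY):
        print(f'[{name}] not present on this system: {path}')
```

Review each reported path and either remove the rule or correct the path in twpol.txt before running the installation command in Step 2.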
Step 2
Once you are ready to use your policy file for the first time, install it with the following command:
[root@deep /]# twadmin --create-polfile /usr/TSS/policy/twpol.txt
Please enter your site passphrase:
Wrote policy file: /usr/TSS/policy/tw.pol
Securing Tripwire for Linux
Security Issue
It is important to make sure that the integrity of the system you are running has not already been
compromised. For maximum confidence in your baseline database, you should generate
operating system and application files from a clean installation and original media.
Also, it is recommended to delete the plain text copy of the Tripwire configuration file named twcfg.txt
located under the /usr/bin directory to hide the locations of Tripwire's files and prevent anyone from
creating a second or alternate configuration file.