Securing-Optimizing-RH-Linux-1_2_202
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
· To delete the plain text copy of the Tripwire configuration file, use the following command:
[root@deep /]# rm -f /usr/bin/twcfg.txt
Further documentation
For more details, there are several man pages you can read:
siggen (8) - signature gathering routine for Tripwire
tripwire (8) - a file integrity checker for UNIX systems
twadmin (8) - Tripwire administrative and utility tool
twconfig (4) - Tripwire configuration file reference
twfiles (5) - overview of files used by Tripwire and file backup process
twintro (8) - introduction to Tripwire software
twpolicy (4) - Tripwire policy file reference
twprint (8) - Tripwire database and report printer
Commands
The commands listed below are some that we use often in our regular use, but many more exist
and you must check the man pages for more details and information.
Creating the database for the first time
Once your policy file has been installed, it is time to build and initialize your database of file
system objects, based on the rules from your policy file. This database will serve as the baseline
for later integrity checks.
The syntax for Database Initialization mode is:
[root@deep /]# tripwire { --init }
· To initialize your database file, use the following command:
[root@deep /]# tripwire --init
Please enter your local passphrase:
Parsing policy file: /usr/TSS/policy/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /usr/TSS/db/deep.openarch.com.twd
The database was successfully generated.
NOTE: When this command has executed, the database is ready and you can check system
integrity and review the report file.
Running the Integrity or Interactive Check Mode
Tripwire has a feature called Integrity Check Mode. Now that our database has been built, we
can run this feature to compare the current file system objects with their properties as recorded in
the Tripwire database. All file violations will be printed to stdout; the generated report file will
be saved and can later be accessed with the twprint utility.
The syntax for integrity check mode is:
[root@deep /]# tripwire { --check }
· To run the integrity check mode, use the command:
[root@deep /]# tripwire --check
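To make the baseline-then-compare model behind Database Initialization and Integrity Check modes concrete, here is a small Python model added for illustration; it is not Tripwire's code and not part of the original book. The function names (snapshot, check, demo), the set of recorded properties, and the sample files are assumptions.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Baseline (the idea behind --init): record properties of each regular file."""
    db = {}
    for p in Path(root).rglob("*"):
        st = p.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # this model tracks regular files only
        db[str(p.relative_to(root))] = {
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
            "size": st.st_size, "sha256": hashlib.sha256(p.read_bytes()).hexdigest()}
    return db

def check(baseline, root):
    """Check (the idea behind --check): compare current properties with the baseline."""
    current = snapshot(root)
    violations = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            violations.append(("removed", path, []))
        elif path not in baseline:
            violations.append(("added", path, []))
        else:
            changed = sorted(k for k in baseline[path] if baseline[path][k] != current[path][k])
            if changed:
                violations.append(("modified", path, changed))
    return violations

def demo():
    """Constructed sample tree: baseline it, tamper with it, run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("login", "passwd", "motd"):
            (root / name).write_bytes(b"v1")
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "login").write_bytes(b"v2")   # same size, new content
        (root / "passwd").chmod(0o666)        # permission change only
        (root / "motd").unlink()              # removed file
        (root / "newfile").write_bytes(b"x")  # added file
        return check(baseline, root)

if __name__ == "__main__":
    for kind, path, props in demo():
        print(kind, path, ",".join(props))
```

In the `login` case the size is unchanged, so only the recorded hash reveals the modification; in the `passwd` case the content is untouched and only the recorded mode differs.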
Tripwire can also be run in Interactive Check Mode. In this mode you can automatically update
your changes via the terminal.