
Securing-Optimizing-RH-Linux-1_2_202
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

· To delete the plain text copy of the Tripwire configuration file, use the following command:
[root@deep /]# rm -f /usr/bin/twcfg.txt

Further documentation
For more details, there are several man pages you can read:

siggen (8)     - signature gathering routine for Tripwire
tripwire (8)   - a file integrity checker for UNIX systems
twadmin (8)    - Tripwire administrative and utility tool
twconfig (4)   - Tripwire configuration file reference
twfiles (5)    - overview of files used by Tripwire and file backup process
twintro (8)    - introduction to Tripwire software
twpolicy (4)   - Tripwire policy file reference
twprint (8)    - Tripwire database and report printer

Commands
The commands listed below are some that we use often in our regular use, but many more exist, and you must check the man pages for more details and information.

Creating the database for the first time
Once your policy file has been installed, it is time to build and initialize your database of file system objects, based on the rules from your policy file. This database will serve as the baseline for later integrity checks. The syntax for Database Initialization mode is:
[root@deep /]# tripwire { --init }

· To initialize your database file, use the following command:
[root@deep /]# tripwire --init
Please enter your local passphrase:
Parsing policy file: /usr/TSS/policy/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /usr/TSS/db/deep.openarch.com.twd
The database was successfully generated.

NOTE: When this command has executed, the database is ready and you can check system integrity and review the report file.

Running the Integrity or Interactive Check Mode
Tripwire has a feature called “Integrity Check Mode”. Now that our database has been built, we can run this feature to compare the current file system objects with their properties as recorded in the Tripwire database. All violations of files will be printed to stdout; the generated report file will be saved and can later be accessed with the twprint utility. The syntax for integrity check mode is:
[root@deep /]# tripwire { --check }

· To run the integrity check mode, use the command:
[root@deep /]# tripwire --check

Tripwire can also be run in “Interactive Check Mode”. In this mode you can automatically update your changes via the terminal.
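
The baseline-then-compare model behind the database initialization and integrity check modes described above, as a simplified sketch added here for illustration; it is not Tripwire's code and not from the book. The function names snapshot and check, the set of recorded properties, and the use of SHA-256 are assumptions chosen for the example.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Baseline step: record properties of every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # this sketch ignores symlinks, devices and sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                "gid": st.st_gid, "size": st.st_size, "sha256": digest}
    return db


def check(baseline, root):
    """Check step: compare the current tree with the recorded baseline."""
    current = snapshot(root)
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "modified": {}}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if changed:
            report["modified"][rel] = changed  # which properties differ
    return report


if __name__ == "__main__":
    # Constructed sample tree, so the example runs without touching real files.
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("hosts", b"127.0.0.1 localhost\n"), ("motd", b"hi\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)                    # like building the database
        with open(os.path.join(root, "hosts"), "ab") as fh:
            fh.write(b"10.0.0.5 intranet\n")         # content change
        os.chmod(os.path.join(root, "motd"), 0o666)  # permission change
        print(check(baseline, root))                 # like the integrity check
```

The baseline in this sketch is an unprotected in-memory dictionary; a baseline that can be rewritten along with the files it describes cannot be trusted, which is why the Tripwire run above asks for the local passphrase before writing its database.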