Securing-Optimizing-RH-Linux-1_2_203
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
· To run in interactive check mode, use the command:
[root@deep /]# tripwire --check --interactive
Tripwire also has an email option. This option specifies that reports be emailed to the
recipients designated in the policy file.
· To run in integrity check mode and send email to the recipient, use the command:
[root@deep /]# tripwire --check --email-report
Updating the database after an integrity check
If you have decided to use the Integrity Check Mode of Tripwire instead of its Interactive Check
Mode, you must update the Tripwire database with the Database Update Mode feature. This
update process saves time by updating the database without having to regenerate it,
and also enables selective updating, which cannot be done through regeneration.
The syntax for database update mode is:
[root@deep /]# tripwire { --update -r}
· To update the database, use the command:
[root@deep /]# tripwire --update -r /usr/TSS/report/deep.openarch.com-200001-021854.twr
Where -r reads the specified report file (deep.openarch.com-200001-021854.twr). This option is
required since the REPORTFILE variable in the current configuration file uses $(DATE).
NOTE: In Database Update Mode or Interactive Check Mode, Tripwire software displays the report
in your terminal with a ballot box next to each policy violation. You can approve a change to the
file system by leaving the x next to the policy violation, or remove the x from the ballot box
so that the database is not updated with the new value(s) for that object. After you exit the editor
and provide the local pass phrase, Tripwire software will update and save your changes.
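Because the report name changes on every run, the -r argument has to be looked up each time. As an added example (not from the book), the shell functions below pick the newest report for a host and hand it to Database Update Mode. The function names are hypothetical, and the sketch assumes that report names start with the host name and that the $(DATE) stamp sorts chronologically as text.

```shell
#!/bin/sh
# Added example, not part of the book: find the newest Tripwire report for a
# host and pass it to "tripwire --update -r".
# Assumptions: reports are named HOST-<date stamp>.twr, and the date stamp
# sorts chronologically when compared as text.

# latest_report DIR HOST
# Prints the path of the newest HOST-*.twr file in DIR.
# Returns 1 when no report for that host exists.
latest_report() {
    dir=$1
    host=$2
    newest=""
    # The shell expands a glob in sorted order, so the last regular file
    # seen in the loop is the one with the greatest (latest) stamp.
    for f in "$dir/$host"-*.twr; do
        if [ -f "$f" ]; then
            newest=$f
        fi
    done
    if [ -z "$newest" ]; then
        return 1
    fi
    printf '%s\n' "$newest"
}

# update_from_latest DIR HOST
# Names the report that will be used, then starts Database Update Mode.
# Tripwire still shows the ballot boxes and asks for the local pass phrase,
# so each change is reviewed before it is accepted into the database.
update_from_latest() {
    report=$(latest_report "$1" "$2") || {
        echo "no Tripwire report for $2 in $1; run tripwire --check first" >&2
        return 1
    }
    echo "Updating database from: $report" >&2
    tripwire --update -r "$report"
}

# Usage on the host from this page (report directory taken from the page):
#   update_from_latest /usr/TSS/report "$(hostname)"
```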
Updating the policy file
Sometimes you want to change the rules in your policy file to reflect new file locations or policy
rules. A special command exists to do this work and update the database without requiring a
complete re-initialization of the policy file. This can save a significant amount of time and
preserves security by keeping the policy file synchronized with the database it uses.
The syntax for policy update mode is:
[root@deep /]# tripwire { --update-policy /path/to/new/policy/file}
· To update the policy file, use the command:
[root@deep /]# tripwire --update-policy /usr/TSS/policy/newtwpol.txt
Policy Update Mode runs with the --secure-mode high option by default. You may encounter
errors when running with this option if the file system has changed since the last database
update and the changes still cause a violation under the new policy. After determining that all of the
violations reported in high security mode are authorized, you can update the policy file in low
security mode to resolve this situation:
· To update the policy file in low security mode, use the command:
[root@deep /]# tripwire --update-policy --secure-mode low /usr/TSS/policy/newtwpol.txt