LinuxSA Mailing list archives

  From: jonathan soong <jon.soong@imvs.sa.gov.au>
  To  : <shane.warner@tenix.com>
  Date: Thu, 31 Jul 2003 09:46:33 +0930

Re: Tripwire

Hmm, I wrote a self README for this (just the essential stuff), see below..
but (and I self quote :) - it adds sparkle):
    "[if re-installing, you'll need to delete /etc/site.key]"

jon

================================================================================

INSTALL TRIPWIRE
^^^^^^^^^^^^^^^^
[if re-installing, you'll need to delete /etc/site.key]

$> cd /etc/tripwire
$> ./twinstall.sh                                      // will install tripwire

$> /usr/sbin/twadmin --create-polfile twpol.txt        // will create a policy file

[you can edit the twpol.txt policy file now, or wait until after the next step
 so you can see what is wrong with it]

$> /usr/sbin/tripwire --init                           // initialise the policy file - this
                                                       // will show any errors etc

[you should probably delete the twpol.txt file now - you can always recreate it from
the encoded db as long as you know your password]

UPDATE POLICY
^^^^^^^^^^^^^
If the twpol.txt file does not exist, recreate it:

$> /usr/sbin/twadmin --print-polfile > /etc/tripwire/twpol.txt    // create readable policy file from encoded db

now edit twpol.txt to your liking

then create new database:

$> /usr/sbin/twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt

then delete the old encoded db:

$> rm /var/lib/tripwire/imvs$.twd

recreate the encoded database from the new twpol.txt file

$> /usr/sbin/tripwire --init                                 // recreate encoded db

(To make sure changes took effect, run tripwire again - /usr/sbin/tripwire --check)


RUN TRIPWIRE
^^^^^^^^^^^^
Run tripwire

$> /usr/sbin/tripwire --check

UPGRADE POLICY (Required if tripwire caught anything)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If changes have been found, you can update your policy db in two ways:

$> /usr/sbin/tripwire --update --twrfile /var/lib/tripwire

or you can run a check interactively

$> /usr/sbin/tripwire --check --interactive

NOTES
^^^^^
I had to create the following symlink:

$> ln -s /etc/tripwire/localhost-local.key /etc/tripwire/site.key

It appears that the twpol.txt file that RedHat 7.3 creates didn't call the '.key'
file the correct name.

Shane Warner on behalf of Shane Warner wrote:

>Hi All.
>
>A long time in the past I attempted to set up tripwire.  At the time I stuffed 
>something up and it didn't set up properly.  I have since forgotten what I had 
>used as my passphrase.
>
>Is there some way I can reset everything and start from scratch?
>
>All help appreciated.
>
>Cheers,
>Shane.


-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

