299 lines
5.4 KiB
HTML
299 lines
5.4 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Configure the /etc/cron.daily/tripwire.verify script</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
|
|
REL="HOME"
|
|
TITLE="Securing and Optimizing Linux"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Linux Tripwire ASR 1.3.1"
|
|
HREF="tripwireASR.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Configure the /etc/tw.config file"
|
|
HREF="chap18sec146.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Tripwire in Interactive Checking Mode"
|
|
HREF="chap18sec148.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="chap18sec146.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 18. Linux Tripwire ASR 1.3.1</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="chap18sec148.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="AEN9844"
|
|
>18.4. Configure the <TT
|
|
CLASS="filename"
|
|
>/etc/cron.daily/tripwire.verify</TT
|
|
> script</A
|
|
></H1
|
|
><P
|
|
> The <TT
|
|
CLASS="filename"
|
|
>tripwire.verify</TT
|
|
> file is a small script executed by the crond program of your server each day to scan your hard disk for possible changed files or directories and mail the results to
|
|
the system administrator. This script will automate the procedure of integrity checking for you. If you intend to automate this task, follow the simple steps below.
|
|
</P
|
|
><DIV
|
|
CLASS="procedure"
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
>
|
|
Create the <TT
|
|
CLASS="filename"
|
|
>tripwire.verify</TT
|
|
> script file, <B
|
|
CLASS="command"
|
|
>touch</B
|
|
> <TT
|
|
CLASS="filename"
|
|
>/etc/cron.daily/tripwire.verify</TT
|
|
> and add in this script:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> #!/bin/sh
|
|
/usr/sbin/tripwire -loosedir -q | (cat <<EOF
|
|
This is an automated report of possible file integrity changes, generated by
|
|
the Tripwire integrity checker. To tell Tripwire that a file or entire
|
|
directory tree is valid, as root run:
|
|
|
|
/usr/sbin/tripwire -update [pathname|entry]
|
|
|
|
If you wish to enter an interactive integrity checking and verification
|
|
session, as root run:
|
|
|
|
/usr/sbin/tripwire -interactive
|
|
|
|
Changed files/directories include:
|
|
EOF
|
|
cat
|
|
) | /bin/mail -s "File integrity report" root
|
|
</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>
|
|
Now, make this script executable and change its mode to be 0700 with the following command:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="screen"
|
|
> [root@deep] /# <B
|
|
CLASS="command"
|
|
>chmod</B
|
|
> 700 /etc/cron.daily/tripwire.verify
|
|
</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
></LI
|
|
></OL
|
|
></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H2
|
|
CLASS="section"
|
|
><A
|
|
NAME="AEN9860"
|
|
>18.4.1. Security Issue</A
|
|
></H2
|
|
><P
|
|
> It is recommended for better security that the database <TT
|
|
CLASS="filename"
|
|
>tw.db_[hostname]</TT
|
|
> file of Tripwire be moved someplace <SPAN
|
|
CLASS="abbrev"
|
|
>e.g.</SPAN
|
|
> floppy, where it cannot be modified. This is important
|
|
because data from Tripwire is only as trustworthy as its database.
|
|
It is also recommend that you make a hardcopy printout of the database contents right away. In the event that you become suspicious of the integrity of the database, you will be able to manually compare
|
|
information against this hardcopy.
|
|
</P
|
|
><P
|
|
> For more details, Further documentation, there are several man pages you can read:
|
|
<P
|
|
></P
|
|
><DIV
|
|
CLASS="variablelist"
|
|
><DL
|
|
><DT
|
|
><SPAN
|
|
CLASS="citerefentry"
|
|
><SPAN
|
|
CLASS="refentrytitle"
|
|
>siggen</SPAN
|
|
>(8)</SPAN
|
|
></DT
|
|
><DD
|
|
><P
|
|
> - signature generation routine for Tripwire
|
|
</P
|
|
></DD
|
|
><DT
|
|
><SPAN
|
|
CLASS="citerefentry"
|
|
><SPAN
|
|
CLASS="refentrytitle"
|
|
>tripwire</SPAN
|
|
>(8)</SPAN
|
|
></DT
|
|
><DD
|
|
><P
|
|
> - a file integrity checker for UNIX systems
|
|
</P
|
|
></DD
|
|
><DT
|
|
><SPAN
|
|
CLASS="citerefentry"
|
|
><SPAN
|
|
CLASS="refentrytitle"
|
|
>tw.config</SPAN
|
|
>(5)</SPAN
|
|
></DT
|
|
><DD
|
|
><P
|
|
> - configuration file for Tripwire
|
|
</P
|
|
></DD
|
|
></DL
|
|
></DIV
|
|
>
|
|
</P
|
|
><P
|
|
> The commands listed in the next section are some that we use often in regular use, but many more exist. Check the man pages for more details.
|
|
</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="chap18sec146.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="chap18sec148.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Configure the <TT
|
|
CLASS="filename"
|
|
>/etc/tw.config</TT
|
|
> file</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="tripwireASR.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Tripwire in <TT
|
|
CLASS="literal"
|
|
>Interactive Checking Mode</TT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |