<HTML
><HEAD
><TITLE
>Configure the /etc/cron.daily/tripwire.verify script</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Linux Tripwire ASR 1.3.1"
HREF="tripwireASR.html"><LINK
REL="PREVIOUS"
TITLE="Configure the /etc/tw.config file"
HREF="chap18sec146.html"><LINK
REL="NEXT"
TITLE="Tripwire in Interactive Checking Mode"
HREF="chap18sec148.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap18sec146.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 18. Linux Tripwire ASR 1.3.1</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap18sec148.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN9844"
>18.4. Configure the <TT
CLASS="filename"
>/etc/cron.daily/tripwire.verify</TT
> script</A
></H1
><P
>&#13; The <TT
CLASS="filename"
>tripwire.verify</TT
> file is a small script that the crond program on your server runs each day to scan your hard disk for changed files or directories and mail the results to
the system administrator. This script automates integrity checking for you. If you intend to automate this task, follow the steps below.
</P
><DIV
CLASS="procedure"
><OL
TYPE="1"
><LI
><P
>&#13;
Create the <TT
CLASS="filename"
>tripwire.verify</TT
> script file with <B
CLASS="command"
>touch</B
> <TT
CLASS="filename"
>/etc/cron.daily/tripwire.verify</TT
>, then add the following script to it:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="programlisting"
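>#!/bin/sh
# Run the Tripwire check and mail its output to root, preceded by the
# explanatory header in the here-document below.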
/usr/sbin/tripwire -loosedir -q | (cat &#60;&#60;EOF
This is an automated report of possible file integrity changes, generated by
the Tripwire integrity checker. To tell Tripwire that a file or entire
directory tree is valid, as root run:
/usr/sbin/tripwire -update [pathname|entry]
If you wish to enter an interactive integrity checking and verification
session, as root run:
/usr/sbin/tripwire -interactive
Changed files/directories include:
EOF
cat
) | /bin/mail -s "File integrity report" root
</PRE
></TD
></TR
></TABLE
>
</P
></LI
><LI
><P
>
Now, make this script executable and change its mode to be 0700 with the following command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>&#13; [root@deep] /# <B
CLASS="command"
>chmod</B
> 700 /etc/cron.daily/tripwire.verify
</PRE
></TD
></TR
></TABLE
>
</P
></LI
></OL
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN9860"
>18.4.1. Security Issue</A
></H2
><P
>&#13; For better security, it is recommended that Tripwire's database file, <TT
CLASS="filename"
>tw.db_[hostname]</TT
>, be moved somewhere it cannot be modified, <SPAN
CLASS="abbrev"
>e.g.</SPAN
> a floppy. This is important
because data from Tripwire is only as trustworthy as its database.
It is also recommended that you make a hardcopy printout of the database contents right away. If you become suspicious of the integrity of the database, you will be able to manually compare
information against this hardcopy.
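The shell functions below are an added example, not part of the original guide or of Tripwire: they refuse to run the nightly check when the database no longer matches a digest recorded at initialization time. They assume sha256sum is installed and that the reference digest file is kept on read-only media; the function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): trust the Tripwire report only
# if the database still matches a digest recorded when it was initialized.
# Assumptions: sha256sum is available; the reference digest lives on
# read-only media. All function names and paths here are hypothetical.

# db_digest FILE -> prints the SHA-256 hex digest of FILE
db_digest() {
    sha256sum -- "$1" | cut -d ' ' -f 1
}

# record_reference DB REF -> writes DB's digest to REF (run once, at init)
record_reference() {
    db_digest "$1" > "$2"
}

# verify_db DB REF -> 0 on match, 1 on mismatch, 2 if a file is unreadable
verify_db() {
    db=$1 ref=$2
    if [ ! -r "$db" ] || [ ! -r "$ref" ]; then
        echo "tripwire database or reference digest unreadable" >&2
        return 2
    fi
    expected=$(cut -d ' ' -f 1 "$ref")
    actual=$(db_digest "$db")
    if [ "$actual" != "$expected" ]; then
        echo "tripwire database digest mismatch: $db" >&2
        return 1
    fi
    return 0
}

# guarded_check DB REF CMD... -> runs CMD only when DB verifies; otherwise
# prints a warning on stdout so that it ends up in the mailed report.
guarded_check() {
    db=$1 ref=$2
    shift 2
    if verify_db "$db" "$ref"; then
        "$@"
    else
        echo "WARNING: Tripwire database failed verification; check skipped."
        return 1
    fi
}

# Usage inside the cron script (both paths are placeholders):
#   guarded_check /path/to/tw.db_[hostname] /path/to/readonly/tw.db.sha256 \
#       /usr/sbin/tripwire -loosedir -q
```

After a legitimate tripwire -update the database changes, so the reference digest has to be recorded again and returned to the read-only media.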
</P
><P
>&#13; For further documentation, there are several man pages you can read:
<P
></P
><DIV
CLASS="variablelist"
><DL
><DT
><SPAN
CLASS="citerefentry"
><SPAN
CLASS="refentrytitle"
>siggen</SPAN
>(8)</SPAN
></DT
><DD
><P
>&#13; - signature generation routine for Tripwire
</P
></DD
><DT
><SPAN
CLASS="citerefentry"
><SPAN
CLASS="refentrytitle"
>tripwire</SPAN
>(8)</SPAN
></DT
><DD
><P
>&#13; - a file integrity checker for UNIX systems
</P
></DD
><DT
><SPAN
CLASS="citerefentry"
><SPAN
CLASS="refentrytitle"
>tw.config</SPAN
>(5)</SPAN
></DT
><DD
><P
>&#13; - configuration file for Tripwire
</P
></DD
></DL
></DIV
>
</P
><P
>&#13; The commands listed in the next section are ones we use regularly, but many more exist. Check the man pages for more details.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="chap18sec146.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="chap18sec148.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Configure the <TT
CLASS="filename"
>/etc/tw.config</TT
> file</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="tripwireASR.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Tripwire in <TT
CLASS="literal"
>Interactive Checking Mode</TT
></TD
></TR
></TABLE
></DIV
></BODY
></HTML
>