<HTML
><HEAD
><TITLE
>Tripwire in Interactive Checking Mode</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Linux Tripwire ASR 1.3.1"
HREF="tripwireASR.html"><LINK
REL="PREVIOUS"
TITLE="Configure the /etc/cron.daily/tripwire.verify script"
HREF="chap18sec147.html"><LINK
REL="NEXT"
TITLE="Run Tripwire in Database Update Mode"
HREF="chap18sec149.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap18sec147.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 18. Linux Tripwire ASR 1.3.1</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap18sec149.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN9889"
>18.5. Tripwire in <TT
CLASS="literal"
>Interactive Checking Mode</TT
></A
></H1
><P
> In <TT
CLASS="literal"
>Interactive Checking Mode</TT
>, Tripwire checks for files or directories that have been added, deleted, or changed relative to the original database and asks the user whether each database entry
should be updated. This mode is the most convenient way of keeping your database up-to-date, but it requires that the user be <I
CLASS="wordasword"
>at the console</I
>. If you intend to use this mode, follow
the simple steps below.
</P
><DIV
CLASS="procedure"
><OL
TYPE="1"
><LI
><P
>
Tripwire must have a database to compare against, so we first create the file information database. This action creates a file called <TT
CLASS="filename"
>tw.db_[hostname]</TT
> in the directory you specified to hold your
databases, where <TT
CLASS="literal"
>[hostname]</TT
> is replaced with your machine's hostname.
To create the file information database for Tripwire, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>&#13; [root@deep] /# <B
CLASS="command"
>cd</B
> /var/spool/tripwire/
[root@deep ]/tripwire# /usr/sbin/tripwire --initialize
</PRE
></TD
></TR
></TABLE
>
We move to the directory we specified to hold our database, and then we create the file information database, which is used for all subsequent Integrity Checking.
</P
></LI
><LI
><P
> Once Tripwire's file information database has been created, we can run Tripwire in <TT
CLASS="literal"
>Interactive Checking Mode</TT
>. This mode asks the user, for each changed entry on the
system, whether the database should be updated to reflect the current state of the file.
To run in Interactive Checking Mode, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>&#13; [root@deep] /# <B
CLASS="command"
>cd</B
> /var/spool/tripwire/database/
[root@deep ]/database# <B
CLASS="command"
>cp</B
> tw.db_myserverhostname /var/spool/tripwire/
[root@deep ]/database# <B
CLASS="command"
>cd ..</B
>
[root@deep ]/tripwire# <B
CLASS="command"
>/usr/sbin/tripwire</B
> --interactive
</PRE
></TD
></TR
></TABLE
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="literallayout"
><TT
CLASS="computeroutput"
>&#13; Tripwire(tm) ASR (Academic Source Release) 1.3.1
File Integrity Assessment Software
(c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
Security Systems, Inc. All Rights Reserved. Use Restricted to
Authorized Licensees.
### Phase 1: Reading configuration file
### Phase 2: Generating file list
### Phase 3: Creating file information database
### Phase 4: Searching for inconsistencies
###
### Total files scanned: 15722
### Files added: 34
### Files deleted: 42
### Files changed: 321
###
### Total file violations: 397
### added: -rwx------ root 22706 Dec 31 06:25:02 1999 /root/tmp/firewall
---&#62; File: '/root/tmp/firewall'
---&#62; Update entry? [YN(y)nh?]
</TT
>
</PRE
></TD
></TR
></TABLE
>
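Added example (not part of the original guide and not Tripwire's own code): since answering y at the Update entry? prompt makes the file's current state the new baseline, the shell functions below summarise a saved copy of the report text so it can be reviewed before the prompts are answered. They check that the added, deleted and changed counts add up to the violation total and list the entries that are not on an operator-maintained list of expected changes. The function names, the expected-changes file and the layout of deleted: and changed: lines are assumptions.

```shell
# Added example, not from the original guide. Assumption: "deleted:" and
# "changed:" entries are laid out like the "added:" line, path last.

# tw_triage REPORT: print the counts, a consistency verdict, then one
# "<kind> <path>" line per reported entry (no whitespace in paths).
tw_triage() {
    awk '
        /###[ \t]+Files added:/           { a = $NF; next }
        /###[ \t]+Files deleted:/         { d = $NF; next }
        /###[ \t]+Files changed:/         { c = $NF; next }
        /###[ \t]+Total file violations:/ { t = $NF; next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "added:" || $i == "deleted:" || $i == "changed:") {
                    entry[++m] = substr($i, 1, length($i) - 1) " " $NF
                    break
                }
        }
        END {
            printf "added=%d deleted=%d changed=%d total=%d\n", a, d, c, t
            print ((a + d + c == t) ? "summary: consistent" : "summary: MISMATCH")
            for (i = 1; i <= m; i++) print entry[i]
        }
    ' "$1"
}

# tw_unexpected REPORT EXPECTED: print entries whose path is not listed in
# EXPECTED (one path per line). A missing or empty EXPECTED file leaves
# every entry unexpected.
tw_unexpected() {
    tw_triage "$1" | awk -v list="$2" '
        BEGIN { while ((getline p < list) > 0) ok[p] = 1 }
        NR > 2 && !($2 in ok)
    '
}

# Constructed sample: summary counts and "added:" line from the output
# above, plus a hypothetical "changed:" line.
tw_sample_report() {
    cat <<'EOF'
### Total files scanned: 15722
### Files added: 34
### Files deleted: 42
### Files changed: 321
### Total file violations: 397
### added: -rwx------ root 22706 Dec 31 06:25:02 1999 /root/tmp/firewall
changed: -rw-r--r-- root 1594 Dec 31 06:25:02 1999 /etc/passwd
EOF
}
```

Entries printed by tw_unexpected are the ones to investigate before accepting them into the database.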
</P
></LI
></OL
></DIV
><DIV
CLASS="note"
><BLOCKQUOTE
CLASS="note"
><P
><B
><SPAN
CLASS="inlinemediaobject"
><IMG
SRC="./images/Note.gif"
ALT="Note"
></IMG
></SPAN
>: </B
>
In interactive mode, Tripwire first reports all added, deleted, and changed files, then allows the user to update the entry in the database.
</P
></BLOCKQUOTE
></DIV
></DIV
></BODY
></HTML
>