<HTML
><HEAD
><TITLE
>Tripwire in Interactive Checking Mode</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Linux Tripwire ASR 1.3.1"
HREF="tripwireASR.html"><LINK
REL="PREVIOUS"
TITLE="Configure the /etc/cron.daily/tripwire.verify script"
HREF="chap18sec147.html"><LINK
REL="NEXT"
TITLE="Run Tripwire in Database Update Mode"
HREF="chap18sec149.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap18sec147.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 18. Linux Tripwire ASR 1.3.1</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap18sec149.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN9889"
>18.5. Tripwire in <TT
CLASS="literal"
>Interactive Checking Mode</TT
></A
></H1
><P
>In <TT
CLASS="literal"
>Interactive Checking Mode</TT
>, Tripwire checks for files or directories that have been added, deleted, or changed since the original database was created and asks the user whether each database entry
should be updated. This mode is the most convenient way of keeping your database up to date, but it requires that the user be <I
CLASS="wordasword"
>at the console</I
>. If you intend to use this mode, follow
the simple steps below.
</P
><DIV
CLASS="procedure"
><OL
TYPE="1"
><LI
><P
>
Tripwire must have a database to compare against, so we first create the file information database. This action creates a file called <TT
CLASS="filename"
>tw.db_[hostname]</TT
> in the directory you specified to hold your
databases, where <TT
CLASS="literal"
>[hostname]</TT
> is replaced with your machine's hostname.
To create the file information database for Tripwire, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>[root@deep] /# <B
CLASS="command"
>cd</B
> /var/spool/tripwire/
[root@deep] /tripwire# /usr/sbin/tripwire --initialize
</PRE
></TD
></TR
></TABLE
>
We move to the directory we specified to hold our database, and then we create the file information database, which is used for all subsequent integrity checking.
</P
></LI
><LI
><P
>Once the Tripwire file information database has been created, we can run Tripwire in <TT
CLASS="literal"
>Interactive Checking Mode</TT
>. For each changed entry on the
system, this mode asks the user whether the database should be updated to reflect the current state of the file.
To run in Interactive Checking Mode, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
>[root@deep] /# <B
CLASS="command"
>cd</B
> /var/spool/tripwire/database/
[root@deep] /database# <B
CLASS="command"
>cp</B
> tw.db_myserverhostname /var/spool/tripwire/
[root@deep] /database# <B
CLASS="command"
>cd ..</B
>
[root@deep] /tripwire# <B
CLASS="command"
>/usr/sbin/tripwire</B
> --interactive
</PRE
></TD
></TR
></TABLE
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="literallayout"
><TT
CLASS="computeroutput"
>Tripwire(tm) ASR (Academic Source Release) 1.3.1
File Integrity Assessment Software
(c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
Security Systems, Inc. All Rights Reserved. Use Restricted to
Authorized Licensees.
### Phase 1: Reading configuration file
### Phase 2: Generating file list
### Phase 3: Creating file information database
### Phase 4: Searching for inconsistencies
###
### Total files scanned: 15722
### Files added: 34
### Files deleted: 42
### Files changed: 321
###
### Total file violations: 397
### added: -rwx------ root 22706 Dec 31 06:25:02 1999 /root/tmp/firewall
---> File: '/root/tmp/firewall'
---> Update entry? [YN(y)nh?]
</TT
>
</PRE
></TD
></TR
></TABLE
>
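
Added example, not part of the original guide: because the Update entry? prompt writes a file's current state into the baseline, it helps to sort the reported violations into expected and unexpected ones before answering. The script below does that for report text saved from an earlier check; it assumes that deleted: and changed: lines use the same layout as the added: line above and that paths contain no spaces, and the function names, the /etc/httpd/ prefix and the two changed: sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): sort Tripwire violation lines into
# expected and unexpected before answering "Update entry?" prompts.
# Assumptions: "deleted:" and "changed:" lines share the layout of the
# "added:" line shown above, and paths contain no spaces.

# triage_report [PREFIX...]  (report text on stdin)
# A PREFIX is a directory ending in "/" or a full path where a change
# was planned. Output: "ACCEPT kind path" or "INVESTIGATE kind path".
triage_report() {
    awk -v prefixes="$*" '
        BEGIN { split(prefixes, want, " ") }
        {
            sub(/^###[ \t]*/, "")          # tolerate a leading ### marker
            if ($1 !~ /^(added|deleted|changed):$/) next
            kind = $1
            sub(/:$/, "", kind)
            path = $NF
            verdict = "INVESTIGATE"
            for (i in want)
                if (index(path, want[i]) == 1) verdict = "ACCEPT"
            print verdict, kind, path
        }'
}

# count_unexpected [PREFIX...]: number of entries that need a closer look.
count_unexpected() {
    triage_report "$@" | awk '$1 == "INVESTIGATE" { c++ } END { print c + 0 }'
}

# Constructed sample: the first violation line is the one from the
# output above, the two "changed:" lines are made up for illustration.
sample_report() {
    printf '%s\n' \
        '### Total file violations: 3' \
        '### added: -rwx------ root 22706 Dec 31 06:25:02 1999 /root/tmp/firewall' \
        'changed: -rw-r--r-- root 1024 Dec 30 11:02:10 1999 /etc/httpd/conf/httpd.conf' \
        'changed: -rwxr-xr-x root 45948 Dec 31 03:14:07 1999 /bin/login'
}

# A change to the web server configuration was planned; nothing else was.
sample_report | triage_report /etc/httpd/
echo "entries to investigate: $(sample_report | count_unexpected /etc/httpd/)"
```
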
</P
></LI
></OL
></DIV
><DIV
CLASS="note"
><BLOCKQUOTE
CLASS="note"
><P
><B
><SPAN
CLASS="inlinemediaobject"
><IMG
SRC="./images/Note.gif"
ALT="Note"
></IMG
></SPAN
>: </B
>
In interactive mode, Tripwire first reports all added, deleted, and changed files, then allows the user to update the entry in the database.
</P
></BLOCKQUOTE
></DIV
></DIV
></BODY
></HTML
>