Update README.md
added some instruction from another forked copy of this open source project.
This commit is contained in:
Circuit Static
parent
8052abb3df
commit
64a8287667
54
README.md
54
README.md
|
|
@ -3,3 +3,57 @@
|
||||||
Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by [Tripwire, Inc.](http://www.tripwire.com)in 2000.
|
Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by [Tripwire, Inc.](http://www.tripwire.com)in 2000.
|
||||||
|
|
||||||
Open Source Tripwire is suitable for monitoring a small number of Linux servers, where centralized control and reporting is not needed and professional support or system automation is not a requirement.
|
Open Source Tripwire is suitable for monitoring a small number of Linux servers, where centralized control and reporting is not needed and professional support or system automation is not a requirement.
|
||||||
|
|
||||||
|
#General Instruction
|
||||||
|
|
||||||
|
The tripwire package comes with a basic configuration file
|
||||||
|
/etc/tripwire/twcfg.txt, which sets the mandatory variables
|
||||||
|
to the defaults as described in the twconfig(4) manual
|
||||||
|
page. This configuration is merely enough to set tripwire
|
||||||
|
to work.
|
||||||
|
|
||||||
|
The following five steps can serve you as a quick cookbook for
|
||||||
|
setting tripwire to work.
|
||||||
|
|
||||||
|
1. Choose a convenient HOSTNAME and generate site and local keys using
|
||||||
|
|
||||||
|
twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key
|
||||||
|
twadmin --generate-keys -S /etc/tripwire/site.key
|
||||||
|
|
||||||
|
This creates the files named above as arguments.
|
||||||
|
|
||||||
|
2. Compile the configuration file with
|
||||||
|
|
||||||
|
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
|
||||||
|
|
||||||
|
This creates file /etc/tripwire/tw.cfg.
|
||||||
|
|
||||||
|
3. Create a policy file. A complex example can be found in
|
||||||
|
/usr/share/doc/packages/tripwire/twpol-Linux.txt. For test purposes,
|
||||||
|
a single rule
|
||||||
|
|
||||||
|
/bin -> $(ReadOnly); # the ending semicolon is mandatory
|
||||||
|
|
||||||
|
or alike will do. Compile this with
|
||||||
|
|
||||||
|
twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt
|
||||||
|
|
||||||
|
provided /etc/tripwire/twpol.txt is the name of your policy file.
|
||||||
|
This creates file /etc/tripwire/tw.pol.
|
||||||
|
|
||||||
|
4. Generates a baseline database (snapshot of the objects residing on
|
||||||
|
the system, according to the installed policy file) using
|
||||||
|
|
||||||
|
tripwire --init
|
||||||
|
|
||||||
|
This creates file /var/lib/tripwire/${HOSTNAME}.twd.
|
||||||
|
|
||||||
|
5. You can check the system with
|
||||||
|
|
||||||
|
tripwire --check
|
||||||
|
|
||||||
|
This prints a report on the standard output and generates file
|
||||||
|
/var/lib/tripwire/report/${HOSTNAME}-YYYYMMDD-HHMMSS.twr. The report can
|
||||||
|
be redisplayed using
|
||||||
|
|
||||||
|
twprint --print-report -r /var/lib/tripwire/report/${HOSTNAME}-YYYYMMDD-HMMSS.twr
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue