tripwire-2.3.1-2

简单介绍tripwire

下载地址 (HTTP):       http://telia.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.3.1-2.tar.gz
下载地址 (FTP):        
使用版本:                   2.3.1-2
软件包大小:                   1.5 MB
预计磁盘使用空间:   63 MB

tripwire 包括tripwire程序,用来检查指定系统中文件的完整性。

tripwire 依赖于:
gcc-2.95.3

安装 tripwire

从下面这个地址下载tripwire的配置补丁:http://downloads.linuxfromscratch.org/blfs-patches.

安装tripwire 可以使用下面命令:

export PATH_HOLD=$PATH &&
export PATH=/opt/gcc2/bin:$PATH &&
ln -s make /usr/bin/gmake &&
cd src &&
gmake release &&
cd .. &&
cp install/install.{sh,cfg} . &&
patch -Np0 -i ../tripwire-cfg.patch &&
./install.sh &&
cp /etc/tripwire/tw.cfg /usr/sbin &&
cp policy/*.txt /usr/share/doc/tripwire

取消上面做的修改:
rm /usr/bin/gmake &&
export PATH=$PATH_HOLD

命令解释

ln -s make /usr/bin/gmake : 我们之所以创建这个符号链接,是因为只有这样,tripware才能安装。在安装了以后,就可以安全地把这个链接删除。

gmake release : 这个命令创建tripwire程序.

cp install.{sh,cfg} . : 把这些拷贝到tripwire的主目录下,才能用它们来安装软件包。

cp policy/*.txt /usr/share/doc/tripwire : 这个命令安装文档。

配置 tripwire

配置文件

/etc/tripwire

配置信息

Tripwire使用一个策略文件来决定检查哪一种文件完整性。默认的策略文件是(twpol.txt,放在/etc/tripwire/里) 是 Redhat 7.0的缺省安装,过时了。

Policy files are also a custom thing 和 should be tailored to each individual distro and/or installation. Some custom policy files can be found below:

http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt
Checks integrity of all files
http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt
Custom policy file for Base LFS 3.0 system
http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt
Custom policy file for SuSE 7.2 system

Download the custom policy file you'd like to try, copy it into /etc/tripwire/, 和 use it instead of twpol.txt. It is, however, recommended that you make your own policy file. Get ideas from the examples above 和 read /usr/share/doc/tripwire/policyguide.txt. twpol.txt is a good policy file for beginners as it will note any changes to the filesystem 和 can even be used as an annoying way of keeping track of changes for uninstallation of software.

After your policy file has been transferred to /etc/tripwire/ you may begin the configuation steps:

twadmin -m P /etc/tripwire/twpol.txt &&
tripwire -m i

During configuration tripwire will create 2 keys: a site key and a local key which will be stored in /etc/tripwire/.

Usage Information

To use tripwire after this 和 run a report using the following command:
tripwire -m c > /etc/tripwire/report.txt

View the output to check the integrity of your files. An automatic integrity report can be produced by using fcron.

Please note that after you run an integrity check, you must check the report 或 email 和 then modify the tripwire database of the files on your system so that tripwire will not continually notify you that files you intentionally changed are a security violation. To do this you must first ls /var/lib/tripwire/report/ 和 note the name of the newest file which starts with linux- 和 ends in .twr. This encrypted file was created during the last report creation 和 is needed to update the tripwire database of your system. Then, type in the following command making the appropriate substitutions for '?':
tripwire -m u -r /var/lib/tripwire/report/linux-???????-??????.twr

You will be placed into vim with a copy of the report in front of you. If all the chnages were good, then just type :x 和 after entering your local key, the database will be updated. If there are files which you still want to be warned about, please remove the x before the filename in the report 和 type :x.

Changing the Policy File

If you are unhappy with your policy file 和 would like to modify it 或 use a new one, modify the policy file 和 then execute the following commands:
twadmin -m P /etc/tripwire/twpol.txt &&
tripwire -m i

内容

tripwire 包括 siggen, tripwire, twadmintwprint.