Configurations
All software we describe in this book has a specific directory and subdirectory in a tar compressed archive named “floppy.tgz” containing the configuration files for specific programs. If you get this archive file, you won’t be obliged to reproduce the different configuration files below manually, or to cut and paste them to create your configuration files. Whether you decide to copy them manually or take the files prepared for your convenience from the compressed archive, it will be your responsibility to modify and adjust them for your needs and to place the files related to the Tripwire ASR 1.3.1 software in the appropriate locations on your server, as shown below. The server configuration files archive to download is located at the following Internet address: http://www.openna.com/books/floppy.tgz
• To run Tripwire, the following files are required and must be created or copied to their appropriate directories on your server.
Copy the tw.config file to the “/etc” directory.
Copy the tripwire.verify script to the “/etc/cron.daily” directory.
You can obtain the configuration files listed below from our floppy.tgz archive. Copy the following files from the decompressed floppy.tgz archive to their appropriate places, or copy them directly from this book into the file concerned.
Configuration of the “/etc/tw.config” file
The “/etc/tw.config” file is the Tripwire configuration file where you decide and set which system files and directories you want monitored. Note that extensive testing and experience are necessary when editing this file before you get useful file reports. The following is a working example from which you can start your own customization.
Step 1
Create the tw.config file (touch /etc/tw.config) and add to this file all files and directories that you want monitored. The format of the configuration file is described in its header and in the man page tw.config(5):
# Gerhard Mourani: gmourani@videotron.ca
# last updated: 1999/11/12
# First, root’s “home”
/root R
!/root/.bash_history
/ R
# OS itself
/boot/vmlinuz R
# critical boot resources
/boot R
# Critical directories and files
/chroot R
/etc R
/etc/inetd.conf R
/etc/nsswitch.conf R
/etc/rc.d R
/etc/mtab L
/etc/motd L
/etc/group R
/etc/passwd L
# other popular filesystems
/usr R
/usr/local R
/dev L-am
/usr/etc R
# truncate home
=/home R
# var tree
=/var/spool L
/var/log L
/var/lib L
/var/spool/cron L
!/var/lock
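To illustrate how Tripwire interprets entries like the ones above, here is an added example in Python (my own code, not part of this book or of Tripwire) that parses a tw.config fragment and resolves which selection mask applies to a given path: a “!” entry excludes a file or subtree, a “=” entry checks the directory itself without recursing into it, and where several entries cover a path the most specific one wins. The template expansions in TEMPLATES are my reading of tw.config(5) and are an assumption; check them against the man page shipped with your release.

```python
import os.path

# Selection-mask templates. ASSUMPTION: my reading of tw.config(5) for Tripwire
# ASR 1.x; verify against your own copy. '+' letters are checked, '-' letters ignored:
# p perms, i inode, n links, u uid, g gid, s size, a atime, m mtime, c ctime, 0-9 signatures.
TEMPLATES = {
    "R": "+pinugsm12-ac3456789",  # read-only files
    "L": "+pinug-sacm123456789",  # log files: size and timestamps may change
    "N": "+pinugsamc123456789",   # ignore nothing
    "E": "-pinugsamc123456789",   # ignore everything
}

def expand_mask(spec):
    """Turn 'R', 'L-am' or '+pinug-s' into the set of attributes Tripwire will check."""
    checked, sign = set(), "+"
    for ch in spec:
        if ch in "+-":
            sign = ch
        elif ch in TEMPLATES:
            checked, sign = expand_mask(TEMPLATES[ch]), "+"  # template resets the mask
        elif sign == "+":
            checked.add(ch)
        else:
            checked.discard(ch)
    return checked

def parse_tw_config(text):
    """Return (path, no_recurse, exclude, mask) tuples; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        path, mask = parts[0], (parts[1] if len(parts) > 1 else "R")  # R is the default
        exclude, no_recurse = path.startswith("!"), path.startswith("=")
        entries.append((os.path.normpath(path.lstrip("!=")), no_recurse, exclude, mask))
    return entries

def policy_for(entries, target):
    """Most specific entry wins (longest path that is target or one of its ancestors).
    Returns the checked-attribute set, or None if the path is excluded or not covered."""
    target, best = os.path.normpath(target), None
    for entry in entries:
        path = entry[0]
        if target == path or target.startswith(path.rstrip("/") + "/"):
            if best is None or len(path) > len(best[0]):
                best = entry
    if best is None or best[2] or (best[1] and target != best[0]):
        return None
    return expand_mask(best[3])

# Constructed sample: a subset of the entries from the tw.config above.
SAMPLE = """/root R\n!/root/.bash_history\n/ R\n/etc R\n/etc/passwd L
=/home R\n=/var/spool L\n/var/spool/cron L\n/dev L-am\n!/var/lock\n"""
ENTRIES = parse_tw_config(SAMPLE)
```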