Securing Tripwire for Linux
The syntax for database update mode is:
[root@deep /]# tripwire {--update -r}
• To update the database, use the command:
[root@deep /]# tripwire --update -r /usr/TSS/report/deep.openna.com-200001-021854.twr
where “-r” reads the specified report file (deep.openna.com-200001-021854.twr). This option is required since the REPORTFILE variable in the current configuration file uses $(DATE), so the report file name changes with every check.
NOTE: In Database Update Mode or Interactive Check Mode, Tripwire software displays the report in your terminal with a ballot box next to each policy violation. To approve a change to the file system, leave the “x” next to that policy violation; if you remove the “x” from the ballot box, the database will not be updated with the new value(s) for that object. After you exit the editor and provide the local pass phrase, Tripwire software will update and save your changes.
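An added example, not part of the original text: because every check writes a new date-stamped report, this shell helper picks the newest report for a host and builds the matching update command. The function names and the --run switch are hypothetical; the report directory and the <host>-<date>.twr naming are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are hypothetical.
REPORT_DIR="${REPORT_DIR:-/usr/TSS/report}"   # report directory used on this page

# Print the newest report for a host. Reports are named <host>-<date>.twr.
# Selection is by modification time, so it does not depend on the $(DATE) format.
latest_report() {
    dir=$1
    host=$2
    newest=""
    for f in "$dir/$host"-*.twr; do
        [ -f "$f" ] || continue              # glob matched nothing, or not a file
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1             # no report: caller must run a check
    printf '%s\n' "$newest"
}

# Print the database-update command for the newest report of a host.
update_command() {
    report=$(latest_report "$1" "$2") || {
        echo "no report for $2 in $1; run an integrity check first" >&2
        return 1
    }
    printf 'tripwire --update -r %s\n' "$report"
}

# Nothing touches the database unless --run is given explicitly.
if [ "${1:-}" = "--run" ]; then
    newest_report=$(latest_report "$REPORT_DIR" "$(hostname)") || exit 1
    exec tripwire --update -r "$newest_report"
fi
```

Updating against the newest report only makes sense after that report has been reviewed; the ballot boxes described in the NOTE still decide which changes are accepted.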
Updating the policy file
Sometimes you want to change the rules in your policy file to reflect new file locations or policy rules. A special command exists to do this work and update the database without requiring a complete re-initialization of the policy file. This can save a significant amount of time and preserves security by keeping the policy file synchronized with the database it uses.
The syntax for policy update mode is:
[root@deep /]# tripwire {--update-policy /path/to/new/policy/file}
• To update the policy file, use the command:
[root@deep /]# tripwire --update-policy /usr/TSS/policy/newtwpol.txt
Policy update mode runs with the “--secure-mode high” option by default. You may encounter errors when running with this option if the file system has changed since the last database update and the changes cause a violation in the new policy. After determining that all of the violations reported in high security mode are authorized, you can update the policy file in low security mode to resolve this situation:
• To update the policy file in low security mode, use the command:
[root@deep /]# tripwire --update-policy --secure-mode low /usr/TSS/policy/newtwpol.txt
Installed files
> /usr/TSS
> /usr/bin
> /usr/bin/siggen
> /usr/bin/twprint
> /usr/bin/twadmin
> /usr/bin/tripwire
> /usr/bin/twcfg.txt
> /usr/bin/tw.cfg
> /usr/TSS/policy
> /usr/TSS/policy/policyguide.txt
> /usr/TSS/policy/twpol.txt
> /usr/TSS/policy/tw.pol
> /usr/TSS/policy/twpol.txt.bak
> /usr/TSS/report
> /usr/TSS/db
> /usr/TSS/key
> /usr/TSS/key/site.key
> /usr/TSS/key/deep.openna.com-local.key
> /usr/man
> /usr/man/man4
> /usr/man/man4/twconfig.4
> /usr/man/man4/twpolicy.4
> /usr/man/man5
> /usr/man/man5/twfiles.5
> /usr/man/man8
> /usr/man/man8/siggen.8
> /usr/man/man8/tripwire.8
> /usr/man/man8/twadmin.8
> /usr/man/man8/twintro.8
> /usr/man/man8/twprint.8
> /usr/README
> /usr/Release_Notes
> /usr/License.txt