Tripwire… ein schönes kleines Tool um Dateiintegritätsüberprüfungen vorzunehmen.
Mächtig und im ersten Zug vielleicht auch kompliziert, daher ein kleines Brainstorming:
Will man eine bestehende Konfiguration ändern sind ein paar Hürden zu nehmen:
1. Erstellen der Config + Policy
[root@home /etc/tripwire]# twadmin \ --create-cfgfile \ --cfgfile ./tw.cfg \ --site-keyfile ./site.key \ twcfg.txt Please enter your site passphrase: XXXXXXXXXXXXXXXXXX Wrote configuration file: /etc/tripwire/tw.cfg
[root@home /etc/tripwire]# twadmin \ --create-polfile \ --cfgfile tw.cfg \ --site-keyfile site.key twpol.txt Please enter your site passphrase: XXXXXXXXXXXXXXXXXX Wrote policy file: /etc/tripwire/tw.pol [root@home /etc/tripwire]#
2. Initialisieren der Check Datenbank
[root@home /etc/tripwire]# tripwire --init \ --cfgfile ./tw.cfg \ --polfile ./tw.pol \ --site-keyfile ./site.key Please enter your local passphrase: XXXXXXXXXXXXXXXX Parsing policy file: /etc/tripwire/tw.pol Generating the database... *** Processing Unix File System *** Wrote database file: /var/lib/tripwire/$HOSTNAME.twd The database was successfully generated. [root@home /etc/tripwire]#
3. Shortcut’s
vi twcfg.txt vi twpol.txt twadmin -m F -c ./tw.cfg -S ./site.key ./twcfg.txt twadmin -m P -c ./tw.cfg -p ./tw.pol -S ./site.key ./twpol.txt tripwire -m i -c ./tw.cfg -p ./tw.pol
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
