Chapter 12. Installing and Configuring Tripwire

    =======================================================================
    -----------------------------------------------------------------------
    Section: Unix File System
    -----------------------------------------------------------------------
    Rule Name                       Severity Level    Added    Removed  Modified
    ---------                       --------------    -----    -------  --------
    Invariant Directories           69                0        0        0
    Temporary directories           33                0        0        0
    * Tripwire Data Files           100               1        0        0
    Critical devices                100               0        0        0
    User binaries                   69                0        0        0
    Tripwire Binaries               100               0        0        0

12.9.1. Using twprint to View the Tripwire Database

You can also use twprint to view the entire database or information about selected files in the Tripwire database. This is useful for seeing just how much information Tripwire is tracking on your system. To view the entire Tripwire database, type this command:

    /usr/sbin/twprint -m d --print-dbfile | less

This command will generate a large amount of output, with the first few lines appearing similar to this:

    Tripwire(R) 2.3.0 Database

    Database generated by:      root
    Database generated on:      Tue Jan 9 13:56:42 2001
    Database last updated on:   Tue Jan 9 16:19:34 2001

    =================================================================
    Database Summary:
    =================================================================
    Host name:                  some.host.com
    Host IP address:            10.1
    Host ID:                    None
    Policy file used:           /etc/tripwire/tw.pol
    Configuration file used:    /etc/tripwire/tw.cfg
    Database file used:         /var/lib/tripwire/some.host.com.twd
    Command line used:          /usr/sbin/tripwire --init

    =================================================================
    Object Summary:
    =================================================================
    -----------------------------------------------------------------
    # Section: Unix File System
    -----------------------------------------------------------------
    Mode         UID          Size        Modify Time
    ------       ----------   ----------  ----------
    /
    drwxr-xr-x   root (0)     XXX         XXXXXXXXXXXXXXXXX
    /bin
    drwxr-xr-x   root (0)     4096        Mon Jan 8 08:20:45 2001
    /bin/arch
    -rwxr-xr-x   root (0)     2844        Tue Dec 12 05:51:35 2000
    /bin/ash
    -rwxr-xr-x   root (0)     64860       Thu Dec 7 22:35:05 2000
    /bin/ash.static
    -rwxr-xr-x   root (0)     405576      Thu Dec 7 22:35:05 2000

To see information about a particular file that Tripwire is tracking, such as /etc/hosts, type a different twprint command:

    /usr/sbin/twprint -m d --print-dbfile /etc/hosts

The result will look similar to this:

    Object name:  /etc/hosts

    Property:            Value:
    -------------        -----------
    Object Type          Regular File
    Device Number        773
    Inode Number         216991
    Mode                 -rw-r--r--
    Num Links            1
    UID                  root (0)
    GID                  root (0)

See the twprint man page for other options.

12.10. Updating the Database after an Integrity Check

If you run an integrity check and Tripwire finds violations, you will first need to determine whether the violations discovered are actual security breaches or the product of authorized modifications. If you recently installed an application or edited critical system files, Tripwire will (correctly) report integrity check violations. In this case, you should update your Tripwire database so those changes are no longer reported as violations. However, if unauthorized changes are made to system files that generate integrity check violations, then you should restore the original file from a backup or reinstall the program.

To update your Tripwire database to accept the violations found in a report, you must specify the report you wish to use to update the database. When issuing the command to integrate those valid violations into your database, be sure to use the most recent report. Type the following command (all on one line), where name is the name of the report to be used:

    /usr/sbin/tripwire --update --twrfile /var/lib/tripwire/report/name.twr

Tripwire will show you the particular report using the default text editor (specified in the Tripwire configuration file on the EDITOR line). This is your chance to deselect files that you do not wish to be updated in the Tripwire database. It is important that you only allow authorized integrity violations to be changed in the database.

All proposed updates to the Tripwire database start with a [x] before the file name. If you want to specifically exclude a valid violation from being added to the Tripwire database, remove the x from the box. To accept any files with an x beside them as changes, write the file in the editor and quit the text editor. This signals to Tripwire to alter its database and not report these files as violations.

For example, the default text editor for Tripwire is vi. To write the file with vi and make the changes to the Tripwire database when updating with a specific report, type :wq in vi's command mode and press [Enter]. You will be asked to enter your local passphrase. Then, a new database file will be written to include the valid violations.

After a new Tripwire database is written, the newly authorized integrity violations will no longer show up as warnings when the next integrity check is run.

12.11. Updating the Policy File

If you want to actually change the files Tripwire records in its database or modify the severity with which violations are reported, you need to edit your Tripwire policy file.

First, make whatever changes are necessary to the sample policy file (/etc/tripwire/twpol.txt). A common change to this policy file is to comment out any files that do not exist on your system so that they will not generate a "file not found" error in your Tripwire reports. For example, if your system does not have a /etc/smb.conf file, you can tell Tripwire not to try to look for it by commenting out its line in twpol.txt:

    # /etc/smb.conf -> $(SEC_CONFIG) ;

Next, you must tell Tripwire to generate a new /etc/tripwire/tw.pol signed file and then generate an updated database file based on this policy information. Assuming /etc/tripwire/twpol.txt is the edited policy file, use this command:

    /usr/sbin/twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt

You will be asked for the site passphrase. Then, the twpol.txt file will be parsed and signed.

It is important that you update the Tripwire database after creating a new /etc/tripwire/tw.pol file. The most reliable way to accomplish this is to delete your current Tripwire database and create a new database using the new policy file. If your Tripwire database file is named wilbur.domain.com.twd, type this command:

    rm /var/lib/tripwire/wilbur.domain.com.twd

Then type the command to create a new database:

    /usr/sbin/tripwire --init

A new database will be created according to the instructions in the new policy file. To make sure the database was correctly changed, run the first integrity check manually and view the contents of the resulting report. See Section 12.8 and Section 12.9 for specific instructions on these points.

12.11.1. Signing the Configuration File

The text file with the configuration file changes (commonly /etc/tripwire/twcfg.txt) must be signed to replace the /etc/tripwire/tw.cfg and be used by Tripwire when it runs its integrity check.
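As an added example (not part of the Red Hat guide), the following POSIX shell script reduces a report summary table like the one at the top of this excerpt to the rules that actually changed, with their severity, which is the first thing to look at before deciding under Section 12.10 whether a report's violations are authorized. It assumes the summary text has been saved to a file (for example from twprint -m r --twrfile); the sample table and the function names are my own.

```shell
# Added example, not from the Red Hat guide: list the rules in a Tripwire
# report summary ("Rule Name / Severity Level / Added / Removed / Modified"
# table) that actually changed, so the authorized-or-not decision of
# Section 12.10 starts from a short list instead of the whole report.
sample_report_summary() {
    # Constructed sample in the layout of the report table above;
    # the "User binaries" row is made up for the demo.
    cat <<'EOF'
Rule Name                 Severity Level   Added   Removed   Modified
---------                 --------------   -----   -------   --------
Invariant Directories     69               0       0         0
Temporary directories     33               0       0         0
* Tripwire Data Files     100              1       0         0
Critical devices          100              0       0         0
* User binaries           69               0       0         2
Tripwire Binaries         100              0       0         0
EOF
}

rules_with_changes() {
    # $1: file holding the summary text, e.g. saved from
    #     twprint -m r --twrfile /var/lib/tripwire/report/name.twr
    # Prints "severity<TAB>rule name<TAB>total changes" per changed rule.
    awk '
      # A data row ends in four numbers: severity, added, removed, modified.
      NF >= 5 && $(NF-3) ~ /^[0-9]+$/ && $(NF-2) ~ /^[0-9]+$/ &&
      $(NF-1) ~ /^[0-9]+$/ && $NF ~ /^[0-9]+$/ {
          changes = $(NF-2) + $(NF-1) + $NF
          if (changes == 0) next
          name = $1
          for (i = 2; i <= NF - 4; i++) name = name " " $i
          sub(/^\* /, "", name)      # strip the violation marker Tripwire adds
          printf "%s\t%s\t%s\n", $(NF-3), name, changes
      }' "$1"
}

needs_review() {
    # $1: summary file; $2: severity threshold. Exit 0 when any changed
    # rule has severity >= threshold, so it can gate an alert in a cron job.
    rules_with_changes "$1" |
        awk -F '\t' -v min="$2" '$1 + 0 >= min + 0 { found = 1 }
                                 END { exit found ? 0 : 1 }'
}

# Demo on the constructed sample (never reads /var/lib/tripwire):
tmp=$(mktemp)
sample_report_summary > "$tmp"
rules_with_changes "$tmp"
needs_review "$tmp" 100 && echo "severity-100 rule changed: review before --update"
rm -f "$tmp"
```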
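As an added example (not from the Red Hat guide), this POSIX shell function carries out the twpol.txt clean-up described in Section 12.11 for every object line at once rather than only the /etc/smb.conf line: it comments out rule lines whose path does not exist on the system and leaves everything else untouched. The sample policy is constructed and the function names are my own.

```shell
# Added example, not from the Red Hat guide: comment out the rules in a
# Tripwire policy text file whose object path is absent on this system
# (the Section 12.11 change for /etc/smb.conf, applied to every rule).
# Only object lines of the form "/path -> $(MASK) ;" are touched; variable
# definitions, rule headers and stop points ("!/path ;") pass through.
sample_policy() {
    # Constructed sample in twpol.txt style; not the Red Hat policy file.
    cat <<'EOF'
SEC_CONFIG = $(Dynamic) ;
SEC_BIN    = $(ReadOnly) ;

(
  rulename = "Example rules",
  severity = $(SIG_HI)
)
{
  /bin                    -> $(SEC_BIN) ;
  /nonexistent/smb.conf   -> $(SEC_CONFIG) ;
  !/proc/not-tracked ;
}
EOF
}

comment_missing_rules() {
    # $1: policy text file (e.g. /etc/tripwire/twpol.txt). Writes the
    # rewritten policy to stdout; review it, then feed it to
    # twadmin --create-polfile as shown above.
    while IFS= read -r line; do
        # Extract the object path from "  /path  -> ..." lines, else empty.
        path=$(printf '%s\n' "$line" |
               sed -n 's|^[[:space:]]*\(/[^[:space:]]*\)[[:space:]]*->.*|\1|p')
        if [ -n "$path" ] && [ ! -e "$path" ]; then
            printf '# %s\n' "$line"     # same form as the guide's example
        else
            printf '%s\n' "$line"
        fi
    done < "$1"
}

# Demo on the constructed sample (does not touch /etc/tripwire):
tmp=$(mktemp)
sample_policy > "$tmp"
comment_missing_rules "$tmp"
rm -f "$tmp"
```

A commented-out object is no longer watched at all, so if the file is created later Tripwire will not report it; keep the line for files that are only temporarily absent.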