Shulou(Shulou.com)06/01 Report--

How to use tripwire, I believe many inexperienced people are helpless about this, this article summarizes the causes and solutions of the problem, through this article I hope you can solve this problem.

Tripwire is currently the most famous Unix file system integrity check software tool, the core of this software technology is to monitor each file to generate a digital signature, preserved. When the current digital signature of a file does not match the digital signature retained, then the file must now have been altered.

Tripwire can perform md5-like operations on system files that require verification, and generate a *** identifier, namely a "snapshot"snapshot. When any of the attributes of these system files, such as size, inode number, permissions, and time, are modified, Tripwire is run again to compare the attributes before and after and generate detailed reports.

1. Download and install

[root@ipython ~]# wget http://nchc.dl.sourceforge.net/project/tripwire/tripwire-src/tripwire-2.4.2.2/tripwire-2.4.2.2-src.tar.bz2[root@ipython ~]# tar jxf tripwire-2.4.2.2-src.tar.bz2 [root@ipython ~]# cd tripwire-2.4.2.2-src [root@ipython tripwire-2.4.2.2-src]#./ configure --prefix=/software/tripwire [root@ipython tripwire-2.4.2.2-src]# make [root@ipython tripwire-2.4.2.2-src]# make install ############INSTALL INTERACTION ##################Press ENTER to view the LicenseAgreement. ###Enter to read license agreement. [donot accept] accept Continue with installation? [y/n] y Enter the site keyfile passphrase: keyfileVerify the site keyfile passphrase: Enter the local keyfile passphrase: ###local keyfileVerify the local keyfile passphrase: Please enter your site passphrase: Please enter your site passphrase: ###Enter #################| sort ipython.me-local.key ####Encrypt local key file site.key ####Encrypt site key file tw.cfg ####Encrypt configuration variable file tw.pol ####Encryption policy file twcfg.txt ####Defines location of database, policy files, and Tripwire executables twpol.txt ####Define what to detect and what to do if you violate

2. Initialization (generation of reference database)

[root@ipython ~]#/software/tripwire/sbin/tripwire --init Please enter your local passphrase:###Type the password and omit this interaction... ... Wrote database file:/software/tripwire/lib/tripwire/ipython.me.twd The database was successfully generated.

3. *** integrity check, and common check parameters

[root@ipython ~]#/software/tripwire/sbin/tripwire --check ##Default check report storage path ##/software/tripwire/lib/tripwire/report/ ##Specify storage path ## [root@ipython ~]#/software/tripwire/sbin/tripwire --check --twrfile ./ test.twr ###Email Send report ### [root@ipython ~]#/software/tripwire/sbin/tripwire --check --email-report ###Specify the level of Email reporting ### [root@ipython ~]#/software/tripwire/sbin/tripwire --check --email-report --email-report-level 2 ###Check with rules specifying severity level ## [root@ipython ~]#/software/tripwire/sbin/tripwire --check --severity 80 ###Check with specified rule name ## [root@ipython ~]#/software/tripwire/sbin/tripwire --check --rule-name rulename ###Check only specified files or directories [root@ipython ~]#/software/tripwire/sbin/tripwire --check object1 object2 object3 ###Check whether to ignore an attribute ## [root@ipython ~]#/software/tripwire/sbin/tripwire --check --ignore "property, property, property" ##Get help [root@ipython ~]#/software/tripwire/sbin/tripwire --help all ##View Report ## [root@ipython ~]#/software/tripwire/sbin/twprint --print-report --twrfile ./ test.twr ##Redirect the contents of encryption report ## [root@ipython ~]#/software/tripwire/sbin/twprint --print-report --twrfile ./ test.twr > output.text ##Specify the level when reporting output ## [root@ipython ~]#/software/tripwire/sbin/twprint --print-report --report-level 4--twrfile ./ test.twr > output.text

4. Upgrade benchmark database file

###The purpose of the upgrade is normal, because check is based on benchmark data ### [root@ipython ~]#/software/tripwire/sbin/tripwire --update --twrfile ./ test.twr ###Automatic update immediately after detection ### [root@ipython ~]#/software/tripwire/sbin/tripwire --check --interactive

5. Upgrade policy file

###Update the policy is robust. You need to modify the policy rules. First redirect the policy ### [root@ipython ~]#/software/tripwire/sbin/twadmin --print-policy file> twpol.txt ##Modify it according to the cat and tiger, and then update### [root@ipython ~]#/software/tripwire/sbin/tripwire --update-policy twpol.txt Parsing policy file:/root/twpol.txt Please enter your local passphrase:Please enter your site passphrase:

6. Modify site key and local key

###Remember to backup ### [root@ipython ~]#/software/tripwire/sbin/twadmin --generate-keys --site-keyfile /software/tripwire/etc/site.key [root@ipython ~]#/software/tripwire/sbin/twadmin --generate-keys --local-keyfile /software/tripwire/etc/site.key #Configuration files masked by site key, data files and report files encrypted with local key # [root@ipython ~]#/software/tripwire/sbin/twadmin --encrypt --site-keyfile /software/tripwire/etc/site.key [root@ipython ~]#/software/tripwire/sbin/twadmin --encrypt --local-keyfile /software/tripwire/etc/ipython.me-local.key

After reading the above content, do you know how to use tripwire? If you still want to learn more skills or want to know more related content, welcome to pay attention to the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.