It is important to make sure that the integrity of the system you are running has not been already compromised. For maximum confidence in your baseline database, you should generate operating system and application
files from a clean installation and original media. Also, it is recommended that you delete the plain text copy of the Tripwire configuration file named twcfg.txt located under the /usr/bin
directory to hide the location of Tripwire's files and prevent anyone from creating a second, or alternate, configuration file.
To delete the plain text copy of the tripwire configuration file, use the following command:
[root@deep] /#rm -f /usr/bin/twcfg.txt
|
Further documentation for more details, there are several man pages you can read:
- siggen(8)
- signature gathering routine for Tripwire
- tripwire(8)
- a file integrity checker for UNIX systems
- twadmin(8)
- Tripwire administrative and utility tool
- twconfig(4)
- Tripwire configuration file reference
- twfiles(5)
- overview of files used by Tripwire and file backup process
- twintro(8)
- introduction to Tripwire software
- twpolicy(4)
- Tripwire policy file reference
- twprint(8)
- Tripwire database and report printer
The commands listed below are some that we use often in our regular use, but many more exist. Check the man page for more details.
Creating the database for the first time; once your policy file has been installed, it is time to build and initialize your database
of file system objects, based on the rules from your policy file. This database will serve as the baseline for later integrity checks.
The syntax for Database Initialization mode is:
[root@deep] /#tripwire --init
|
To initialize your database file, use the following command:
[root@deep] /#tripwire --init
|
Please enter your local passphrase:
Parsing policy file: /usr/TSS/policy/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /usr/TSS/db/deep.openna.com.twd
The database was successfully generated.
|
:
When this command has executed, the database is ready and you can check system integrity and review the report file.