Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 18. Linux Tripwire ASR 1.3.1Next

18.4. Configure the /etc/cron.daily/tripwire.verify script

The tripwire.verify file is a small script executed by the crond program of your server each day to scan your hard disk for possible changed files or directories and mail the results to the system administrator. This script will automate the procedure of integrity checking for you. If you intend to automate this task, follow the simple steps below.

  1. Create the tripwire.verify script file, touch /etc/cron.daily/tripwire.verify and add in this script: 
              #!/bin/sh
          /usr/sbin/tripwire -loosedir -q | (cat <<EOF
          This is an automated report of possible file integrity changes, generated by
          the Tripwire integrity checker. To tell Tripwire that a file or entire
          directory tree is valid, as root run:
          /usr/sbin/tripwire -update [pathname|entry]
          If you wish to enter an interactive integrity checking and verification
          session, as root run:
          /usr/sbin/tripwire -interactive
          Changed files/directories include:
          EOF
          cat
          ) | /bin/mail -s "File integrity report" root

  2. Now, make this script executable and change its mode to be 0700 with the following command: 
              [root@deep] /# chmod 700  /etc/cron.daily/tripwire.verify

18.4.1. Security Issue

It is recommended for better security that the database tw.db_[hostname] file of Tripwire be moved someplace e.g. floppy, where it cannot be modified. This is important because data from Tripwire is only as trustworthy as its database. It is also recommend that you make a hardcopy printout of the database contents right away. In the event that you become suspicious of the integrity of the database, you will be able to manually compare information against this hardcopy.

For more details, Further documentation, there are several man pages you can read:

siggen(8)

- signature generation routine for Tripwire

tripwire(8)

- a file integrity checker for UNIX systems

tw.config(5)

- configuration file for Tripwire

The commands listed in the next section are some that we use often in regular use, but many more exist. Check the man pages for more details.

PrevHomeNext
Configure the /etc/tw.config fileUpTripwire in Interactive Checking Mode
  
 
  Published under the terms of the Open Publication License Design by Interspire