LinuxQuestions.org
Old 11-14-2012, 09:27 AM   #1
stoat
Member
 
Registered: May 2007
Distribution: LFS
Posts: 388

Rep: Reputation: 124
A really simple Tripwire policy file for BLFS


...IMO, that is.

There are several ways to create the policy file needed by Tripwire. First, Tripwire comes with a default policy file and a bunch of sample policy files that can be tweaked and modified. And secondly, there are at least two scripts that I know of that can generate a custom policy file. One of those comes with Tripwire (create_twpol.sh), and the other one, by Bill Sharer, can easily be found on the Internet (gen_twpol.py).

I've used all of those methods at one time or another, and all of it works. But lately I've settled on the following very simple policy file that seems to work just as well. So far, it's found every file that I've added, deleted, or altered in any of the directories specified for Tripwire to check. It uses only Tripwire's pre-defined property mask variables which don't have to be declared or defined again in a policy file (even though many of the examples do that). The result is not much to look at, but it works...
Code:
# Begin twpol.txt

(
  rulename = "Tripwire Data Files",
  severity = 100
)
{
  /var/lib/tripwire                    -> $(Dynamic) -i ;
  /var/lib/tripwire/report             -> $(Dynamic) (recurse=0) ;
}

(
  rulename = "Root & Home",
  severity = 100
)
{
  /                                    -> $(IgnoreAll) (recurse=1) ;
  /home                                -> $(IgnoreAll) (recurse=1) ;
}

(
  rulename = "System Directories",
  severity = 100
)
{
  /bin                                 -> $(IgnoreNone)-SHa ;
  /boot                                -> $(IgnoreNone)-SHa ;
  /etc                                 -> $(IgnoreNone)-SHa ;
  /lib                                 -> $(IgnoreNone)-SHa ;
  /opt                                 -> $(IgnoreNone)-SHa ;
  /root                                -> $(IgnoreNone)-SHa ;
  /sbin                                -> $(IgnoreNone)-SHa ;
  /usr                                 -> $(IgnoreNone)-SHa ;
}

# End twpol.txt
I chose not to check several directories such as /tmp, /var (except for Tripwire's own directories found in there), and the ones with the virtual filesystems (/dev, /proc, /run, /sys). Not much reason to bother with /mnt and /media. For / and /home, I decided to check them only for files and directories added to or deleted from their top levels. There isn't much use in going down into /home because of all the daily activity in there. And there isn't a need to recurse down the / directory because the individual top level sub-directories are treated recursively with their own separate property mask rules.

Anyway, I like doing it this way so far. And I think it works as well as one of those long exhaustive lists of individual files used in the examples or created by the scripts. I run it every day via fcron, which mails me the result.

Or am I missing something here? If someone sees something that I should reconsider, please say it now.

Last edited by stoat; 11-15-2012 at 07:07 AM.
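As an added example (not part of stoat's post and not Tripwire's own code), the following Python script parses a policy in the format above and resolves each object line to the set of properties Tripwire will actually compare, so you can see what `$(IgnoreNone)-SHa` or `$(Dynamic) -i` really leaves in or out before you commit a policy. It only understands the subset of the policy grammar used in the post (attribute blocks, object lines, `$(Var)` references, `+`/`-` modifiers and `(recurse=N)`). The values in `PREDEFINED` are transcribed from the Tripwire policy guide from memory and are an assumption to check against the twpol.txt shipped with your build; `SAMPLE_POLICY` is a condensed copy of the posted policy, constructed here as input.

```python
"""Resolve which properties a Tripwire-style policy actually checks per path.

Added example, not Tripwire's own code. Parses the policy subset used in the
post: '( rulename=..., severity=... )' blocks, '{ path -> mask (opts) ; }'
object lines, '$(Var)' mask variables and trailing '+'/'-' modifiers.
"""
import re

# Pre-defined property-mask variables. ASSUMPTION: transcribed from the
# Tripwire policy guide from memory; verify against your build's twpol.txt.
PREDEFINED = {
    "ReadOnly":   "+pinugtsdbmCM-rlacSH",
    "Dynamic":    "+pinugtd-srlbamcCMSH",
    "Growing":    "+pinugtdl-srbamcCMSH",
    "Device":     "+pugsdr-intlbamcCMSH",
    "IgnoreAll":  "-pinugtsdrlbamcCMSH",
    "IgnoreNone": "+pinugtsdrbamcCMSH-l",
}

# Property letters in the order the documentation lists them, with meanings.
PROPERTY_ORDER = "pinugtsdrbamclCMSH"
PROPERTY_NAMES = {
    "p": "permissions", "i": "inode number", "n": "link count", "u": "uid",
    "g": "gid", "t": "file type", "s": "size", "d": "disk device number",
    "r": "device number", "b": "blocks", "a": "access time",
    "m": "modification time", "c": "inode change time", "l": "growing file",
    "C": "CRC-32", "M": "MD5", "S": "SHA", "H": "Haval",
}

# A rule is an attribute block followed by a brace-delimited body.
RULE_RE = re.compile(r"\(\s*(?P<attrs>[^)]*)\)\s*\{(?P<body>[^}]*)\}")
# An object line: path -> mask [ (opts) ] ;   (mask may contain $(Var) tokens)
ENTRY_RE = re.compile(
    r"(?P<path>\S+)\s*->\s*"
    r"(?P<mask>(?:\$\(\w+\)|[-+A-Za-z]|\s)+?)"
    r"\s*(?:\((?P<opts>[^)]*)\))?\s*;"
)


def apply_mask(mask, checked=()):
    """Apply a '+abc-def' modifier string to a set of checked properties."""
    checked = set(checked)
    sign = "+"
    for ch in mask:
        if ch in "+-":
            sign = ch
        elif ch in PROPERTY_NAMES:
            (checked.add if sign == "+" else checked.discard)(ch)
        else:
            raise ValueError(f"unknown property letter {ch!r} in {mask!r}")
    return checked


def resolve_mask(mask_expr):
    """Expand $(Var) references textually, drop spaces, then apply left to right."""
    def expand(m):
        name = m.group(1)
        if name not in PREDEFINED:
            raise ValueError(f"undefined variable $({name})")
        return PREDEFINED[name]
    return apply_mask(re.sub(r"\$\((\w+)\)", expand, mask_expr).replace(" ", ""))


def parse_policy(text):
    """Return one dict per object line: path, rule name, severity, recurse, checked."""
    text = re.sub(r"#.*", "", text)          # strip comments
    objects = []
    for rule in RULE_RE.finditer(text):
        attrs = {}
        for kv in rule["attrs"].split(","):
            if "=" in kv:
                k, v = kv.split("=", 1)
                attrs[k.strip()] = v.strip().strip('"')
        for entry in ENTRY_RE.finditer(rule["body"]):
            opts = {}
            for kv in (entry["opts"] or "").split(","):
                if "=" in kv:
                    k, v = kv.split("=", 1)
                    opts[k.strip()] = v.strip()
            objects.append({
                "path": entry["path"],
                "rulename": attrs.get("rulename"),
                "severity": int(attrs.get("severity", 0)),
                "recurse": opts.get("recurse", "true"),
                "checked": resolve_mask(entry["mask"]),
            })
    return objects


def describe(obj):
    """One readable line per object, in canonical property order."""
    checked = "".join(c for c in PROPERTY_ORDER if c in obj["checked"]) or "nothing"
    return (f'{obj["path"]}: rule "{obj["rulename"]}" (severity {obj["severity"]}, '
            f'recurse={obj["recurse"]}) checks {checked}')


# Constructed sample input: a condensed copy of the policy posted above.
SAMPLE_POLICY = """
# Begin twpol.txt
( rulename = "Tripwire Data Files", severity = 100 )
{
  /var/lib/tripwire          -> $(Dynamic) -i ;
  /var/lib/tripwire/report   -> $(Dynamic) (recurse=0) ;
}
( rulename = "Root & Home", severity = 100 )
{
  /                          -> $(IgnoreAll) (recurse=1) ;
  /home                      -> $(IgnoreAll) (recurse=1) ;
}
( rulename = "System Directories", severity = 100 )
{
  /bin                       -> $(IgnoreNone)-SHa ;
  /etc                       -> $(IgnoreNone)-SHa ;
}
# End twpol.txt
"""

if __name__ == "__main__":
    for obj in parse_policy(SAMPLE_POLICY):
        print(describe(obj))
```

Running it shows the trade-off the post makes explicit: `/bin` and friends keep every property except the SHA and Haval hashes and the access time (MD5 and CRC-32 still cover content changes), `/var/lib/tripwire` stops watching the inode number so the database can be rewritten in place, and `/` and `/home` check nothing on existing objects, relying on Tripwire reporting added and deleted entries at the top level regardless of the mask.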