LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 04-26-2002, 09:12 PM   #1
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Rep: Reputation: 30
A question about Tripwire


OK, I have finally configured Tripwire to only scan the right files and I did an integrity check on myself. I now HAVE to move the database to a read-only medium, so which files should I take and what command-line options change?

(Just so you know, I'm putting the database on CD - the floppy flopped out)

Thanks in advance
 
Old 04-27-2002, 01:08 AM   #2
russell
LQ Newbie
 
Registered: Mar 2001
Distribution: *Linux*
Posts: 27

Rep: Reputation: 15
Your dbfile should be at /var/lib/tripwire/$(HOSTNAME).twd

Check your /etc/tripwire/twcfg.txt which tells you where your dbfile and other related files are.

But why do you need to take backups? I'm not sure, but would like to know more details on that.


Regards
Russell
 
Old 04-27-2002, 04:10 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,371
Blog Entries: 55

Rep: Reputation: 3555
The reason for making a backup on read-only media of any verification databases (rpm, Aide, Tripwire or plain md5sums, etc etc) is to shield it from corruption and tampering.
This way, when you need to verify the integrity of your files on disk you don't need to worry about the integrity of your signature database as well.
 
Old 04-27-2002, 06:16 AM   #4
russell
LQ Newbie
 
Registered: Mar 2001
Distribution: *Linux*
Posts: 27

Rep: Reputation: 15
Thanks so much. A very important point to note. Otherwise tripwire or any other would remain useless.

Regards
Russell.
 
Old 04-27-2002, 09:14 AM   #5
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Original Poster
Rep: Reputation: 30
OK I wrote the Tripwire DB to read-only CD-ROM.

Tell me if this command is adequate and uses the right parameters:

tripwire --check -S /mnt/cdrom/site.key -p /mnt/cdrom/tw.pol -d /mnt/cdrom/*******.twd

When I ran this command I didn't get a report like when I ran: tripwire --check

Thanks in advance

Last edited by tarballedtux; 04-27-2002 at 09:18 AM.
 
Old 04-28-2002, 11:18 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,371
Blog Entries: 55

Rep: Reputation: 3555
Uhh.. Dunno bout report settings, should be something in your config. If you just copy your tw.cfg to tw-cdr.cfg and change the settings to where the cd files are, you could have the tripwire-check cronjob first check if the cd is mounted and then run the cd config (--cfgfile), or else run the config on disk.

Btw, if ure using a cdrw, I hope no luser can use cdrecord to blank the disk? :-]
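
One way to write the cron wrapper suggested in post #6, as an added example that is not part of the original thread: it uses the CD copy of the config only when the disc is mounted read-only, which also covers the CD-RW concern. The disk config path /etc/tripwire/tw.cfg, the variable names and the function names are assumptions; /mnt/cdrom and tw-cdr.cfg are taken from the posts above.

```shell
#!/bin/sh
# Added example: choose the Tripwire config for a cron-driven integrity check.
# Assumed defaults (override through the environment to match your system).
CD_MOUNT="${CD_MOUNT:-/mnt/cdrom}"
CD_CFG="${CD_CFG:-$CD_MOUNT/tw-cdr.cfg}"
DISK_CFG="${DISK_CFG:-/etc/tripwire/tw.cfg}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# Print "ro", "rw" or "absent" for mount point $1, read from the
# /proc/mounts-style table in file $2 (fields: dev, dir, type, options).
# If the mount point appears more than once, the last entry wins.
mount_state() {
    awk -v mp="$1" '
        $2 == mp {
            n = split($4, opt, ",")
            s = "rw"
            for (i = 1; i <= n; i++) if (opt[i] == "ro") s = "ro"
        }
        END { print (s == "" ? "absent" : s) }' "$2"
}

# Print the config file to use. The CD config is chosen only when the
# disc is mounted read-only and the config on it is readable.
select_cfg() {
    if [ "$(mount_state "$CD_MOUNT" "$MOUNTS")" = "ro" ] && [ -r "$CD_CFG" ]; then
        echo "$CD_CFG"
    else
        echo "$DISK_CFG"
    fi
}

# Run the check, warning on stderr when the read-only baseline is not in use
# so the cron mail shows that the on-disk database was trusted instead.
run_check() {
    cfg=$(select_cfg)
    if [ "$cfg" != "$CD_CFG" ]; then
        echo "warning: $CD_MOUNT not mounted read-only, using $cfg" >&2
    fi
    tripwire --check --cfgfile "$cfg"
}

# Execute only when invoked with "run" (for example from the cron entry),
# so the file can also be sourced to reuse the functions.
if [ "${1:-}" = "run" ]; then
    run_check
fi
```
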
 
All times are GMT -5. The time now is 08:32 PM.