LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-03-2008, 02:58 PM   #1
fullgore
Member
 
Registered: Aug 2006
Location: Brasilia, Brazil
Distribution: Slackware / Suse / FreeBSD
Posts: 55

Rep: Reputation: 15
Tripwire Policy Update


Im at a Debian 4 with tripwire 2.3.1.2 installed. The software is working well except about these:

I add new directory rules to track and the tripwire does the tracking of the directory and the files, but if I add or modify any parameter of an existing directory rule when I type "tripwire --update-policy /path/to/policy/file" I received a big FAILED, I can only update the policy rules if I add or modify a directory rule, Im not understanding whats happening.

I checked out the parameters and variables to config a rule, I tested many of them but acording to my tests I thinking theres no way to track the user who removed a file or directory. Does anybody know any rule to track this?

Thanks...
 
Old 06-03-2008, 11:19 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 168Reputation: 168
If you're using default values for everything and you've made some modifications to your policy text file twpol.txt, you can update the policy with:
Code:
tripwire --update-policy --secure-mode low --verbose --cfgfile tw.cfg --site-keyfile site.key twpol.txt
Because it uses --secure-mode low, make sure you're confident about the box's security since it ignores changes to files made since the last update.

As far as tracking who changed files/directories goes, I don't think you can do it in tripwire - you'll need something else to do that.
 
Old 06-04-2008, 07:46 AM   #3
fullgore
Member
 
Registered: Aug 2006
Location: Brasilia, Brazil
Distribution: Slackware / Suse / FreeBSD
Posts: 55

Original Poster
Rep: Reputation: 15
Wink

Quote:
Originally Posted by gilead View Post
If you're using default values for everything and you've made some modifications to your policy text file twpol.txt, you can update the policy with:
Code:
tripwire --update-policy --secure-mode low --verbose --cfgfile tw.cfg --site-keyfile site.key twpol.txt
Because it uses --secure-mode low, make sure you're confident about the box's security since it ignores changes to files made since the last update.

As far as tracking who changed files/directories goes, I don't think you can do it in tripwire - you'll need something else to do that.
Thank You Very Much !!!
The command worked very well...
About tracking the user who removed a file or directory, do you know any software capable to do this?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
tripwire policy update fails dsids Linux - Security 4 08-08-2006 01:57 PM
Tripwire + Logrotate Policy TruckStuff Linux - Security 6 09-08-2005 03:00 PM
Tripwire policy Q TruckStuff Linux - Security 1 07-03-2005 06:50 AM
Tripwire policy update brain_bucket Linux - Security 2 09-03-2003 08:35 AM
Need Tripwire Policy Advice JimKyle Linux - Security 4 03-03-2002 05:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration