    # Tripwire (R) is a
    # registered trademark of the Purdue Research Foundation and is licensed
    # exclusively to Tripwire (R) Security Systems, Inc.
    ################################################################################

206 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture and OpenDocs Publishing
Securities Software (System Integrity) 1
CHAPTER 2

NOTE: The file install.cfg is a Bourne shell script used by the installer to set configuration variables. These variables specify the target directories where the installer will copy files and what the installer should do if the installation process would overwrite existing Tripwire software files.

Step 2
Now we must run the installation script to install the Tripwire binaries and related files onto our system, according to whether you are using default or custom configuration values.

To run the installation script and install Tripwire, use the following command:

    [root@deep tmp]# ./install.sh

NOTE: The install.sh file is the installation script which you run to begin the installation of Tripwire. During the installation procedure, you will:

1. Answer some questions related to the installation.
2. Specify two pass phrases to be assigned for your site and local keys.

Step 3
When Tripwire is installed on our system it will copy the License.txt, README, and Release_Notes files under the /usr directory. Of course, after finishing reading those files you can safely remove them from your /usr directory with the following command:

To remove these files from your system, use the following command:

    [root@deep /usr]# rm -f /usr/License.txt README Release_Notes

Cleanup after work

    [root@deep /]# cd /var/tmp
    [root@deep tmp]# rm -rf License.txt README Release-Notes install.cfg install.sh pkg/Tripwire_version_for_Linux_x86_tar.gz

The rm command as used above will remove all related files and directories we have used to install Tripwire for Linux. It will also remove the Tripwire for Linux compressed archive from the /var/tmp directory.

Configurations
All software we describe in this book has a specific directory and subdirectory in a tar compressed archive named floppy.tgz containing the configuration files for specific programs. If you get this archive file, you won't be obliged to reproduce the different configuration files below manually, or cut and paste them to create your configuration files. Whether you decide to copy manually or get the files made for your convenience from the compressed archive, it will be your responsibility to modify, adjust for your needs, and place the files related to the Tripwire 2.2.1 software in the appropriate places on your server, as shown below. The server configuration files archive to download is located at the following Internet address:
http://www.openna.com/books/floppy.tgz

To run Tripwire for Linux, the following file is required and must be created or copied to the appropriate directory on your server.

Copy the twpol.txt file to the /usr/TSS/policy directory.

You can obtain the configuration file listed below from our floppy.tgz archive. Copy the following file from the decompressed floppy.tgz archive to the appropriate place, or copy and paste it directly from this book into the file concerned.

Configuration of the /usr/TSS/policy/twpol.txt file
The /usr/TSS/policy/twpol.txt file is the text policy file of Tripwire where you specify which files and directories to check. Note that extensive testing and experience are necessary when editing this policy file before you get a working file report. The following is a working example from which you can start your own customization.

Step 1
You must modify the default policy file, or create your own. The policyguide.txt file under the /usr/TSS/policy directory can help you. Open the policy file twpol.txt with a text editor (vi /usr/TSS/policy/twpol.txt) and change it to fit your needs:

    @@section GLOBAL
    TWROOT="/usr";
    TWBIN="/usr/bin";
    TWPOL="/usr/TSS/policy";
    TWDB="/usr/TSS/db";
    TWSKEY="/usr/TSS/key";
    TWLKEY="/usr/TSS/key";
    TWREPORT="/usr/TSS/report";
    HOSTNAME=deep.openna.com;

    @@section FS
    SEC_CRIT = $(IgnoreNone)-SHa;  # Critical files - we can't afford to miss any changes.
    SEC_SUID = $(IgnoreNone)-SHa;  # Binaries with the SUID or SGID flags set.
    SEC_TCB = $(ReadOnly);         # Members of the Trusted Computing Base.
    SEC_BIN = $(ReadOnly);         # Binaries that shouldn't change
    SEC_CONFIG = $(Dynamic);       # Config files that are changed infrequently but accessed often.
    SEC_LOG = $(Growing);          # Files that grow, but that should never change ownership.
    SEC_INVARIANT = +pug;          # Directories that should never change permission or ownership.
    SIG_LOW = 33;                  # Non-critical files that are of minimal security impact
    SIG_MED = 66;                  # Non-critical files that are of significant security impact
    SIG_HI = 100;                  # Critical files that are significant points of vulnerability

    # Tripwire Binaries
    (emailto = admin@openna.com, rulename = "Tripwire Binaries", severity = $(SIG_HI))
    {
      $(TWBIN)/siggen -> $(ReadOnly);
      $(TWBIN)/tripwire -> $(ReadOnly);
      $(TWBIN)/twadmin -> $(ReadOnly);
      $(TWBIN)/twprint -> $(ReadOnly);
    }

    # Tripwire Data Files - Configuration Files, Policy Files, Keys, Reports, Databases
    (emailto = admin@openna.com, rulename = "Tripwire Data Files", severity = $(SIG_HI))
    {
      # NOTE: Removing the inode attribute because when Tripwire creates a backup
      # it does so by renaming the old file and creating a new one (which will
      # have a new inode number). Leaving inode turned on for keys, which shouldn't
      # ever change.
      # NOTE: this rule will trigger on the first integrity check after database
      # initialization, and each integrity check afterward until a database update
      # is run, since the database file will not exist before that point.
      $(TWDB) -> $(Dynamic) -i;
      $(TWPOL)/tw.pol -> $(SEC_BIN) -i;
      $(TWBIN)/tw.cfg -> $(SEC_BIN) -i;
      $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
      $(TWSKEY)/site.key -> $(SEC_BIN) ;
      # don't scan the individual reports
      $(TWREPORT) -> $(Dynamic) (recurse=0);
    }

    # These files are critical to a correct system boot.
    (emailto = admin@openna.com, rulename = "Critical system boot files", severity = 100)
    {
      /boot -> $(SEC_CRIT) ;
      !/boot/System.map ;
      !/boot/module-info ;
    }

    # These files change the behavior of the root account
    (emailto = admin@openna.com, rulename = "Root config files", severity = 100)
    {
      /root -> $(SEC_CRIT) ;
      /root/.bash_history -> $(SEC_LOG) ;
    }

    # Commonly accessed directories that should remain static with regards to owner and group
    (emailto = admin@openna