Date:      Thu, 01 Feb 2001 08:28:13 -0800
From:      Cy Schubert <cschuber@uumail.gov.bc.ca>
To:        "Dan Harp" <danh@eagle.ca>
Cc:        Cy.Schubert@uumail.gov.bc.ca, ports@FreeBSD.org
Subject:   Re: FreeBSD Port: tripwire-1.3.1 
Message-ID:  <200102011628.f11GSIp39308@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Mon, 29 Jan 2001 11:18:29 EST." <NDBBJJNIIACACBOGMNIOOEOJEMAA.danh@eagle.ca> 

In message <NDBBJJNIIACACBOGMNIOOEOJEMAA.danh@eagle.ca>, "Dan Harp" 
writes:
> Greetings,

Sorry for replying so late, flu.

> 
> 
> Where could I find some information on how to set up tripwire?

There's really not much out there.  The tripwire tarball contains some 
documentation and a tw.config file.  The rest of it is trial and 
error, depending on what you want to monitor.  Once you have a config 
you're happy with, you can distribute that to other FreeBSD systems.  
If you want to run Tripwire on other platforms, e.g. Solaris, 
Tru64-UNIX, Linux, AIX, etc., the config file will differ greatly.  For 
example Tru64-UNIX with C2 security turned on will touch some system 
config files after each reboot.  This is why this becomes an iterative 
process, because you have to learn a lot about the system you intend to 
monitor.

> 
> More specifically, how to set it up to e-mail the root a daily log of
> security information.

This is what I do.

0 0 * * * /usr/local/bin/tripwire 2>&1 | /usr/bin/mail -s 'passer tripwire output' security
0 0 * * * cd /var/adm/tcheck; /usr/local/bin/pgp tw.config.asc tw.config 2>&1 | mail -s 'passer tw.config check' security
0 0 * * * cd /var/adm/tcheck/databases; /usr/local/bin/pgp tw.db_passer.osg.gov.bc.ca.sig tw.db_passer.osg.gov.bc.ca 2>&1 | mail -s 'passer tw.db check' security

The security officer key is signed by a number of other keys, making it 
easy for me to detect whether it has been tampered with.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC            
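
The three cron jobs in the message above run independently at the same minute. The following is an added example, not part of the original message, of one way to make the two signature checks gate the Tripwire run and send a single report. It assumes pgp exits non-zero when a detached signature fails to verify; the function names, the variable names and the failure subject line are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message: verify the signed config and
# database first, and run Tripwire only if both signatures check out.
# Assumption: pgp exits non-zero when a detached signature does not verify.
# Paths are the ones in the crontab; the variable names are hypothetical.
: "${TRIPWIRE:=/usr/local/bin/tripwire}"
: "${PGP:=/usr/local/bin/pgp}"
: "${TCHECK:=/var/adm/tcheck}"
: "${TWHOST:=passer.osg.gov.bc.ca}"

# verify_sig DIR SIGFILE DATAFILE: same pgp invocation as the cron jobs.
verify_sig() {
    ( cd "$1" && "$PGP" "$2" "$3" ) 2>&1
}

# tw_nightly: one combined report on stdout. Returns 0 if Tripwire ran,
# 2 if the tw.config signature failed, 3 if the database signature failed.
tw_nightly() {
    echo "== tw.config signature =="
    if ! verify_sig "$TCHECK" tw.config.asc tw.config; then
        echo "FAILED: tw.config signature; Tripwire not run"
        return 2
    fi
    echo "== tw.db signature =="
    if ! verify_sig "$TCHECK/databases" "tw.db_$TWHOST.sig" "tw.db_$TWHOST"; then
        echo "FAILED: tw.db signature; Tripwire not run"
        return 3
    fi
    echo "== tripwire =="
    "$TRIPWIRE" 2>&1
    echo "tripwire exit status: $?"
    return 0
}

# tw_nightly_mail: mail the report; the subject line flags a failed check.
tw_nightly_mail() {
    report=$(tw_nightly) && subject='passer tripwire output' \
        || subject='passer tripwire SIGNATURE FAILURE'
    printf '%s\n' "$report" | /usr/bin/mail -s "$subject" security
}

# Called from a single cron entry as: <this script> mail
if [ "${1:-}" = mail ]; then tw_nightly_mail; fi
```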



