Date: Thu, 01 Feb 2001 08:28:13 -0800
From: Cy Schubert <cschuber@uumail.gov.bc.ca>
To: "Dan Harp" <danh@eagle.ca>
Cc: Cy.Schubert@uumail.gov.bc.ca, ports@FreeBSD.org
Subject: Re: FreeBSD Port: tripwire-1.3.1
Message-ID: <200102011628.f11GSIp39308@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Mon, 29 Jan 2001 11:18:29 EST." <NDBBJJNIIACACBOGMNIOOEOJEMAA.danh@eagle.ca>

In message <NDBBJJNIIACACBOGMNIOOEOJEMAA.danh@eagle.ca>, "Dan Harp" writes:
> Greetings,

Sorry for replying so late, flu.

>
> Where could I find some information on how to setup tripwire?

There's really not much out there. The tripwire tarball contains some
documentation and a tw.config file. The rest of it is trial and error,
depending on what you want to monitor. Once you have a config you're
happy with, you can distribute that to other FreeBSD systems. If you
want to run Tripwire on other platforms, e.g. Solaris, Tru64-UNIX,
Linux, AIX, etc., the config file will differ greatly. For example
Tru64-UNIX with C2 security turned on will touch some system config
files after each reboot. This is why this becomes an iterative process,
because you have to learn a lot about the system you intend to monitor.

>
> More specifically, how to set it up to e-mail the root a daily log of
> security information.

This is what I do.

0 0 * * * /usr/local/bin/tripwire 2>&1 | /usr/bin/mail -s 'passer tripwire output' security
0 0 * * * cd /var/adm/tcheck; /usr/local/bin/pgp tw.config.asc tw.config 2>&1 | mail -s 'passer tw.config check' security
0 0 * * * cd /var/adm/tcheck/databases; /usr/local/bin/pgp tw.db_passer.osg.gov.bc.ca.sig tw.db_passer.osg.gov.bc.ca 2>&1 | mail -s 'passer tw.db check' security

The security officer key is signed by a number of other keys, making it
easy for me to detect whether it has been tampered with.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
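
The three cron entries in the message all start at 00:00, so the Tripwire run does not wait for the two signature checks. The wrapper below is an added example, not part of Cy Schubert's message: it verifies the signed tw.config and database first and runs Tripwire only when both verify. Assumptions: `gpg --verify` stands in for the pgp call, the database name is derived from `hostname`, and the `--mail` switch and script path are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the message. Assumptions: "gpg --verify" stands in
# for the pgp call, the database is named after `hostname`, --mail is made up.
TWDIR=${TWDIR:-/var/adm/tcheck}
HOST=${HOST:-$(hostname 2>/dev/null || echo localhost)}
VERIFY=${VERIFY:-gpg --verify}
TRIPWIRE=${TRIPWIRE:-/usr/local/bin/tripwire}

# verify_signed SIG FILE: succeed only if both exist and SIG verifies FILE.
verify_signed() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "MISSING: $1 or $2"
        return 2
    fi
    if $VERIFY "$1" "$2" 2>&1; then
        echo "OK: $2"
    else
        echo "BAD SIGNATURE: $2"
        return 1
    fi
}

# integrity_report: print one report. Returns 2 if the config or database
# cannot be trusted (Tripwire is then skipped), 1 if Tripwire exits non-zero,
# 0 otherwise.
integrity_report() {
    db="$TWDIR/databases/tw.db_$HOST"
    rc=0
    verify_signed "$TWDIR/tw.config.asc" "$TWDIR/tw.config" || rc=2
    verify_signed "$db.sig" "$db" || rc=2
    if [ "$rc" -ne 0 ]; then
        echo "Tripwire NOT run: tw.config or database failed verification"
        return 2
    fi
    $TRIPWIRE 2>&1 || rc=1
    return "$rc"
}

# One cron entry instead of three (script path is a placeholder):
#   0 0 * * * /path/to/tw-report.sh --mail
if [ "${1:-}" = "--mail" ]; then
    integrity_report | /usr/bin/mail -s "$HOST tripwire report" security
fi
```

A report that says "Tripwire NOT run" is itself the alert: a run against an unverified config or database would prove nothing about the monitored files.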