|
1、下载并安装
- [root@ipython ~]# wget http://nchc.dl.sourceforge.net/project/tripwire/tripwire-src/tripwire-2.4.2.2/tripwire-2.4.2.2-src.tar.bz2[root@ipython ~]# tar jxf tripwire-2.4.2.2-src.tar.bz2
- [root@ipython ~]# cd tripwire-2.4.2.2-src
-
- [root@ipython tripwire-2.4.2.2-src]#./configure --prefix=/software/tripwire
- [root@ipython tripwire-2.4.2.2-src]# make
- [root@ipython tripwire-2.4.2.2-src]# make install
-
- ############INSTALL 交互#################
- Press ENTER to view the LicenseAgreement. ###回车阅读协议
- license agreement.[donot accept] accept ###同意协议
- Continuewith installation?[y/n] y ###确认继续安装
- Enter the site keyfile passphrase: ###需要记住的keyfile
- Verify the site keyfile passphrase: ###重复
- Enter the local keyfile passphrase: ###需要记住的local keyfile
- Verify the local keyfile passphrase: ###重复
- Please enter your site passphrase: ###输入
- Please enter your site passphrase: ###输入
- ############交互结束,完成安装#################
- [root@ipython tripwire-2.4.2.2-src]# ls /software/tripwire/etc/| sort
- ipython.me-local.key ####加密本地密钥文件
- site.key ####加密站点密钥文件
- tw.cfg ####加密配置变量文件
- tw.pol ####加密策略文件
- twcfg.txt ####定义数据库、策略文件和Tripwire可执行文件的位置
- twpol.txt ####定义检测的对象及违规时采取的行为
2、初始化(生成基准数据库)
- [root@ipython ~]#/software/tripwire/sbin/tripwire --init
- Please enter your local passphrase:###键入密码,后面省略此交互
- ...
- ...
- Wrote database file:/software/tripwire/lib/tripwire/ipython.me.twd
- The database was successfully generated.
3、第一次完整性检查,和常用检查参数
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check
-
- ##默认检查报告存放路径##/software/tripwire/lib/tripwire/report/
- ##指定存放路径##
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --twrfile ./test.twr
- ###Email 发送报告###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --email-report
- ###指定Email 报告的级别###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --email-report --email-report-level 2
- ###使用指定严重性等级的规则进行检查###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --severity 80
- ###使用指定的规则名检查##
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --rule-name rulename
- ###只检查指定的文件或目录
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check object1 object2 object3
- ###检查是忽略某属性###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --ignore "property, property, property, property"
- ###获取帮助
- [root@ipython ~]#/software/tripwire/sbin/tripwire --help all
-
- ##检视报告##
- [root@ipython ~]#/software/tripwire/sbin/twprint --print-report --twrfile ./test.twr
-
- ##重定向加密报告的内容##
- [root@ipython ~]#/software/tripwire/sbin/twprint --print-report --twrfile ./test.twr > output.text
-
- ##指定报告输出时的级别##
- [root@ipython ~]#/software/tripwire/sbin/twprint --print-report --report-level 4--twrfile ./test.twr > output.text
4、升级基准数据库文件
- ###升级的目的是很正常的,因为check 是基于基准数据的###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --update --twrfile ./test.twr
- ###检测后立即自动update###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --check --interactive
5、升级策略文件
- ###更新策略稳健,需要修改策略的规则,先将策略重定向出来###
- [root@ipython ~]#/software/tripwire/sbin/twadmin --print-polfile > twpol.txt
- ###照猫画虎修改吧,然后update###
- [root@ipython ~]#/software/tripwire/sbin/tripwire --update-policy twpol.txt
- Parsing policy file:/root/twpol.txt
- Please enter your local passphrase:Please enter your site passphrase:
6、修改site key 和 local key
- ###修改前记得备份下###
- [root@ipython ~]#/software/tripwire/sbin/twadmin --generate-keys --site-keyfile /software/tripwire/etc/site.key
-
- [root@ipython ~]#/software/tripwire/sbin/twadmin --generate-keys --local-keyfile /software/tripwire/etc/site.key
-
- #配置文件通过site key 假面,数据文件和报告文件用local key 加密#
- [root@ipython ~]#/software/tripwire/sbin/twadmin --encrypt --site-keyfile /software/tripwire/etc/site.key
-
- [root@ipython ~]#/software/tripwire/sbin/twadmin --encrypt --local-keyfile /software/tripwire/etc/ipython.me-local.key
原文链接:http://www.ipython.me/centos/tripwire-file-md5.html |
评论暂时关闭