
Re: Tripwire news



On Mon, 24 Nov 2003 15:05:33 +0000, Keith G. Robertson-Turner wrote:

> >> > Post-install scripts for baseline configuration.
> >>
> >> Will this make a filelist with only the existing files in the system?
> >> I've found tripwire's reports hard to use because of the warnings for
> >> non-existent files.
> >
> > You are expected to tune the default configuration and drop all
> > non-existent files to get rid of those warnings. There are small helper
> > scripts (posted in various places) that take a Tripwire report and modify
> > the policy file automatically.
>  
> If I get time (or someone volunteers) I may be able to include a script
> that "gawk's" out any non-existent entries in twpol.txt (preferably by
> comment rather than removal).
>  
> Then it's just a matter of doing a "tripwire -m p /etc/tripwire/twpol.txt"
> (you may need to specify the "-Z low" flag too) on the new policy file,
> and you're all set.
>  
> That's at least a week away though, as it's low priority.
>  
> Volunteers?

Find attached my old Perl script which I've used for Red Hat Linux so
far (the included e-mail address is non-functional).

Of course, if someone wants to customize a default Tripwire policy file
in a %post scriptlet, it needs much more work, such as querying the
installed files (with "rpm -qf") or comparing the RPM database with
what is included in the policy file.

If integrity of RPM and the RPM database is ensured, one could use
derivatives of "rpm -V" for verifying installed package files and use
Tripwire or AIDE only for directories and files which don't belong to
RPM packages. There are many possibilities...

-- 

Attachment: tw_genpol.pl
Description: Binary data

Attachment: pgp00149.pgp
Description: PGP signature
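
The idea raised in the quoted message (marking non-existent twpol.txt entries by comment rather than removal), as an added shell example; it is not the attached tw_genpol.pl and not code from anyone in this thread. The function name `comment_missing`, its optional root-prefix argument and the `#MISSING#` marker are assumptions, and the policy text is a constructed sample.

```shell
# Added example: comment out twpol.txt rules whose object is not on disk.
# comment_missing, its ROOT prefix and the #MISSING# marker are hypothetical.
comment_missing() {    # usage: comment_missing POLICY [ROOT]
    policy=$1
    root=${2:-}
    while IFS= read -r line || [ -n "$line" ]; do
        obj=
        case $line in
            *'->'*)
                # Object name is the text before "->", trimmed and unquoted.
                obj=$(printf '%s\n' "${line%%->*}" |
                      sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/')
                ;;
        esac
        case $obj in
            *'$('*) obj= ;;   # path built from a policy variable: leave alone
            /*) ;;            # literal absolute path: check it
            *) obj= ;;        # comments, directives, variable definitions
        esac
        # -L keeps dangling symlinks: the link itself is still an object.
        if [ -n "$obj" ] && [ ! -e "$root$obj" ] && [ ! -L "$root$obj" ]; then
            printf '#MISSING# %s\n' "$line"
        else
            printf '%s\n' "$line"
        fi
    done < "$policy"
}

# Constructed demo: a scratch tree with one present file and two absent ones.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    : > "$tmp/bin/ls"
    cat > "$tmp/twpol.txt" <<'EOF'
(rulename = "constructed sample")
{
  /bin/ls              -> $(SEC_BIN) ;
  /bin/nosuch          -> $(SEC_BIN) ;
  "/bin/no such file"  -> $(SEC_BIN) ;
  $(TWBIN)/tripwire    -> $(SEC_BIN) ;
  # /bin/old           -> $(SEC_BIN) ;
  !/bin/skipme ;
}
EOF
    comment_missing "$tmp/twpol.txt" "$tmp"
    rm -rf "$tmp"
}
demo
```

The output, once reviewed, is the new policy file for the "tripwire -m p" step quoted above.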

