Tripwire news

Michael Schwendt ms-nospam-0306 at arcor.de
Mon Nov 24 17:04:22 UTC 2003


On Mon, 24 Nov 2003 15:05:33 +0000, Keith G. Robertson-Turner wrote:

> >> > Post-install scripts for baseline configuration.
> >>
> >> Will this make a filelist with only the existing files in the system?
> >> I've found tripwire's reports hard to use because of the warnings for
> >> non-existent files.
> >
> > You are expected to tune the default configuration and drop all
> > non-existent files to get rid of those warnings. There are small helper
> > scripts (posted in various places) that take a Tripwire report and modify
> > the policy file automatically.
>  
> If I get time (or someone volunteers) I may be able to include a script
> that "gawk's" out any non-existent entries in twpol.txt (preferably by
> comment rather than removal).
>  
> Then it's just a matter of doing a "tripwire -m p /etc/tripwire/twpol.txt"
> (you may need to specify the "-Z low" flag too) on the new policy file,
> and you're all set.
>  
> That's at least a week away though, as it's low priority.
>  
> Volunteers?

Find attached my old Perl script which I've used for Red Hat Linux so
far (the included e-mail address is non-functional).

Of course, if someone wants to customize a default Tripwire policy file
in a %post scriptlet, it needs much more work, such as querying the
installed files (with "rpm -qf") or comparing the RPM database with
what is included in the policy file.

If integrity of RPM and the RPM database is ensured, one could use
derivatives of "rpm -V" for verifying installed package files and use
Tripwire or AIDE only for directories and files which don't belong to
RPM packages. There are many possibilities...

-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tw_genpol.pl
Type: application/octet-stream
Size: 687 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20031124/1d2983a7/attachment.obj>
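
An added sketch of the approach discussed in this thread, commenting out (rather than deleting) twpol.txt rules whose paths do not exist. It is not the scrubbed tw_genpol.pl attachment and not code from either poster. It assumes one rule per line with a literal absolute path; the `#MISSING# ` marker, the function name and the sample policy are constructed for illustration.

```python
import os
import re

# Constructed sample in twpol.txt rule syntax (not a distribution's real policy).
SAMPLE_POLICY = """\
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ;
(
  rulename = "Critical binaries",
)
{
  /bin/sh                -> $(SEC_CRIT) ;
  /sbin/accton           -> $(SEC_CRIT) ;
  "/opt/my app/run"      -> $(SEC_CRIT) ;
  !/var/lock ;
  # /usr/bin/old         -> $(SEC_CRIT) ;
}
"""

# Object rule ("path -> mask ;") or stop point ("!path ;") with a quoted or
# bare absolute path. Paths built from variables such as $(TWBIN)/tripwire do
# not start with "/" and are deliberately left alone (assumption of this sketch).
RULE_RE = re.compile(r'^\s*!?\s*(?:"(/[^"]*)"|(/[^\s;]*?))\s*(?:->|;)')


def comment_missing(policy_text, exists=os.path.lexists, marker="#MISSING# "):
    """Return (new_text, missing_paths) with rules for absent paths commented out.

    lexists() is the default so that a dangling symlink still counts as an
    object present on disk.
    """
    out, missing = [], []
    for line in policy_text.splitlines(keepends=True):
        m = RULE_RE.match(line)
        path = (m.group(1) or m.group(2)) if m else None
        if path and not exists(path):
            missing.append(path)
            line = marker + line  # original rule text is kept for later review
        out.append(line)
    return "".join(out), missing


if __name__ == "__main__":
    new_text, missing = comment_missing(SAMPLE_POLICY)
    print(new_text, end="")
    print("commented out %d rule(s): %s" % (len(missing), ", ".join(missing)))
```

Because existing comments never match the rule pattern, running it again over its own output changes nothing; the edited file still has to be loaded with the "tripwire -m p" step quoted above.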