2013/5/30
# yum --enablerepo=epel -y install tripwire
# tripwire-setup-keyfiles
Enter the site keyfile passphrase: # 任意のパスフレーズ Verify the site keyfile passphrase: # 再入力 Enter the local keyfile passphrase: # 任意のパスフレーズを設定 Verify the local keyfile passphrase: # 再入力 Please enter your site passphrase: # パスフレーズで応答 Please enter your site passphrase: # パスフレーズで応答
# cd /etc/tripwire # vi twcfg.txt
# 9行目の値をtrueにする。 LOOSEDIRECTORYCHECKING = true # 12行目:報告レベル4にする。 REPORTLEVEL = 4
# cd /etc/tripwire # twadmin -m F -c tw.cfg -S site.key twcfg.txt
Please enter your site passphrase: #パスフレーズ入力 Wrote configuration file: /etc/tripwire/tw.cfg
# ポリシーファイル最適化スクリプト作成
# cd /etc/tripwire # vi twpolmake.pl
#!/usr/bin/perl
# Tripwire Policy File customize tool
# ----------------------------------------------------------------
# Copyright (C) 2003 Hiroaki Izumi
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# ----------------------------------------------------------------
# Usage:
# perl twpolmake.pl {Pol file}
# ----------------------------------------------------------------
#
$POLFILE=$ARGV[0];
open(POL,"$POLFILE") or die "open error: $POLFILE" ;
my($myhost,$thost) ;
my($sharp,$tpath,$cond) ;
my($INRULE) = 0 ;
while (<POL>) {
chomp;
if (($thost) = /^HOSTNAME\s*=\s*(.*)\s*;/) {
$myhost = `hostname` ; chomp($myhost) ;
if ($thost ne $myhost) {
$_="HOSTNAME=\"$myhost\";" ;
}
}
elsif ( /^{/ ) {
$INRULE=1 ;
}
elsif ( /^}/ ) {
$INRULE=0 ;
}
elsif ($INRULE == 1 and ($sharp,$tpath,$cond) = /^(\s*\#?\s*)(\/\S+)\b(\s+->\s+.+)$/) {
$ret = ($sharp =~ s/\#//g) ;
if ($tpath eq '/sbin/e2fsadm' ) {
$cond =~ s/;\s+(tune2fs.*)$/; \#$1/ ;
}
if (! -s $tpath) {
$_ = "$sharp#$tpath$cond" if ($ret == 0) ;
}
else {
$_ = "$sharp$tpath$cond" ;
}
}
print "$_\n" ;
}
close(POL) ;
# perl twpolmake.pl twpol.txt > twpol.txt.new # twadmin -m P -c tw.cfg -p tw.pol -S site.key twpol.txt.new
Please enter your site passphrase: # パスフレーズ入力 Wrote policy file: /etc/tripwire/tw.pol
# tripwire -m i -s -c tw.cfg Please enter your local passphrase: # パスフレーズ入力
# cd /etc/tripwire # tripwire -m c -s -c tw.cfg
※時間がかかります
