Installing Tripwire

Get tripwire-2.3-47.i386.tar.gz from http://www.tripwire.org/

    # tar xvzf tripwire-2.3-47.i386.tar.gz
    # rpm -ivh tripwire-2.3-47.i386.rpm

Creating the configuration file

    # /etc/tripwire/twinstall.sh

Enter the passphrase for the site key file

    Enter the site keyfile passphrase:

Enter it again

    Verify the site keyfile passphrase:

Enter the passphrase for the local key file

    Enter the local keyfile passphrase:

Enter it again

    Verify the local keyfile passphrase:

Enter the passphrase you entered first

    Please enter your site passphrase:

Enter it once more

    Please enter your site passphrase:

This creates {hostname}-local.key and site.key under /etc/tripwire.

Edit /etc/tripwire/twcfg.txt as needed (not particularly necessary, I think).

Encrypting the configuration file

    # /usr/sbin/twadmin -m F -c tw.cfg -S site.key /etc/tripwire/twcfg.txt

Enter the site key passphrase

    Please enter your site passphrase:

Creating the policy file

Edit /etc/tripwire/twpol.txt as needed (I can't make much sense of it by looking at it, so not particularly necessary, I think).

Encrypt the policy file

    # /usr/sbin/twadmin -m P -S site.key twpol.txt

Enter the site key passphrase

    Please enter your site passphrase:

Creating the baseline (comparison) database

On the first run you get quite a lot of warnings, because some of the files to be compared do not exist.

    # /usr/sbin/tripwire -m i

Enter the local key passphrase

    Please enter your local passphrase:

Using the warnings as a guide, comment out or delete the entries for files that do not exist (be careful: the file may simply be in a different location).

    # vi twpol.txt

Once they have all been removed, create the policy file again

    # /usr/sbin/twadmin -m P -S site.key twpol.txt
    # /usr/sbin/tripwire -m i

If no warnings appear, it is OK.

Integrity check

    # /usr/sbin/tripwire -m c

The result is saved in /var/lib/tripwire/report as a file named {hostname}-{date}-{time}.twr.

To run the check periodically, register it with cron

    # vi /etc/cron.daily/tripwire-check

    #!/bin/sh
    HOST_NAME=`uname -n`
    # Refuse to run a check when no baseline database exists for this host
    if [ ! -e /var/lib/tripwire/${HOST_NAME}.twd ] ; then
        echo "**** Error: Tripwire database for ${HOST_NAME} not found. ****"
        echo "**** Run "/etc/tripwire/twinstall.sh" and/or "tripwire --init". ****"
    else
        # Only check when the signed configuration file is present
        test -f /etc/tripwire/tw.cfg && /usr/sbin/tripwire --check
    fi

    # chmod 755 /etc/cron.daily/tripwire-check

Updating the database

    # /usr/sbin/tripwire --update --twrfile {hostname}-{date}-{time}.twr

vi starts up

    -------------------------------------------------------------------------------
    Rule Name: System boot changes (/var/log)
    Severity Level: 100
    -------------------------------------------------------------------------------
    Remove the "x" from the adjacent box to prevent updating the database
    with the new values for this object.

    Modified:
    [x] "/var/log/boot.log"
    [x] "/var/log/boot.log.1"
    [x] "/var/log/boot.log.2"
    [x] "/var/log/boot.log.3"
    [x] "/var/log/boot.log.4"

Entries marked with [x] are applied to the database. If you remove the mark, the entry is not applied. When you are satisfied, save and quit.

Enter the local passphrase

    Please enter your local passphrase:
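
The policy clean-up step described above (commenting out twpol.txt entries for files that the init run reported as missing), as an added shell example that is not part of the original page. It assumes the warnings contain a `### Filename: <path>` line and that rules have the form `<path> -> <mask> ;`; the sample log, the policy fragment and the `#MISSING#` marker are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes init warnings carry a
# "### Filename: <path>" line and that policy rules look like "<path> -> mask ;".

# Print each path named in a "### Filename:" warning line, once.
missing_paths() {
    sed -n 's/^### Filename:[[:space:]]*//p' "$1" | sort -u
}

# Print policy file $1 with the rules for paths listed in file $2 commented
# out. Rules are marked, not deleted, so a file that only moved can be
# re-added under its real path after review.
comment_out_missing() {
    awk 'FILENAME == ARGV[1] { miss[$0] = 1; next }
         $2 == "->" && ($1 in miss) { print "#MISSING# " $0; next }
         { print }' "$2" "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample: saved output of a "tripwire -m i" run.
cat > "$tmp/init.log" <<'EOF'
### Warning: File system error.
### Filename: /usr/sbin/fixrmtab
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /sbin/accton
### No such file or directory
### Continuing...
EOF

# Constructed sample: a fragment in twpol.txt syntax.
cat > "$tmp/twpol.txt" <<'EOF'
(
  rulename = "File System and Disk Administration Programs",
  severity = $(SIG_HI)
)
{
  /sbin/accton                         -> $(SEC_CRIT) ;
  /sbin/badblocks                      -> $(SEC_CRIT) ;
  /usr/sbin/fixrmtab                   -> $(SEC_CRIT) ;
}
EOF

missing_paths "$tmp/init.log" > "$tmp/missing.txt"
comment_out_missing "$tmp/twpol.txt" "$tmp/missing.txt" > "$tmp/twpol.new"
diff "$tmp/twpol.txt" "$tmp/twpol.new" || true   # show what would change
```

Review the marked lines before re-running `twadmin -m P`: as the page notes, a file may simply be in a different location, in which case the path should be corrected instead of leaving the rule disabled.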