Installing Tripwire

Download tripwire-2.3-47.i386.tar.gz from http://www.tripwire.org/

# tar xvzf tripwire-2.3-47.i386.tar.gz
# rpm -ivh tripwire-2.3-47.i386.rpm

Creating the configuration file

# /etc/tripwire/twinstall.sh
Enter the passphrase for the site key file
Enter the site keyfile passphrase:

Enter it again
Verify the site keyfile passphrase:

Enter the passphrase for the local key file
Enter the local keyfile passphrase:

Enter it again
Verify the local keyfile passphrase:

Enter the passphrase you entered first
Please enter your site passphrase:

Enter it once more
Please enter your site passphrase:

This creates {hostname}-local.key and site.key under /etc/tripwire.

Edit the contents of /etc/tripwire/twcfg.txt as needed (not particularly necessary, I think).

Encrypting the configuration file

# /usr/sbin/twadmin -m F -c tw.cfg -S site.key /etc/tripwire/twcfg.txt

Enter the site key passphrase
Please enter your site passphrase:

Creating the policy file

Edit the contents of /etc/tripwire/twpol.txt as needed (I could not make much sense of it even after reading it, so not particularly necessary, I think).

Encrypt the policy file

# /usr/sbin/twadmin -m P -S site.key twpol.txt 

Enter the site key passphrase
Please enter your site passphrase:

Creating the comparison database

The first time, some of the files to be compared do not exist, so quite a lot of warnings are printed.

# /usr/sbin/tripwire -m i

Enter the local key passphrase
Please enter your local passphrase:

Using the warnings as a guide, comment out or delete the entries for files that do not exist (be careful: the file may simply be in a different location).

# vi twpol.txt

Once they have all been removed, create the policy file again

# /usr/sbin/twadmin -m P -S site.key twpol.txt
# /usr/sbin/tripwire -m i

If no warnings are printed, it is OK.
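
The policy clean-up step above can be scripted. The following is an added example, not part of the original page: it reads saved "tripwire -m i" output and writes a copy of twpol.txt with the rules for nonexistent paths commented out. It assumes each warning appears as "### Filename: <path>" followed by "### No such file or directory"; the function names, the #MISSING# marker and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: the output of "tripwire -m i" was saved to a file, and each
# missing object is reported as "### Filename: <path>" followed by
# "### No such file or directory".

# Print the unique paths that were reported as nonexistent.
missing_paths() {   # $1 = saved warning output
  awk '/^### Filename: / { path = substr($0, 15); next }
       /^### No such file or directory/ && path != "" { print path }
       { path = "" }' "$1" | sort -u
}

# Write a copy of the policy ($2) to $3 with the rules for missing paths
# commented out. A rule matches only when its first field is exactly the
# path, so /usr/sbin/foo does not also disable /usr/sbin/foo.new.
comment_out_missing() {   # $1 = warning output, $2 = twpol.txt, $3 = result
  missing_paths "$1" > "$3.missing"
  # FILENAME is compared instead of NR == FNR so that an empty list
  # (no warnings) leaves the policy unchanged.
  awk 'FILENAME == ARGV[1] { gone[$0] = 1; next }
       ($1 in gone) { print "#MISSING# " $0; next }
       { print }' "$3.missing" "$2" > "$3"
  rm -f "$3.missing"
}

# Constructed sample input (not real output from any host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/init.log" <<'EOF'
### Warning: File system error.
### Filename: /usr/sbin/fixrmtab
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /mnt/nfs/etc
### Permission denied
### Continuing...
EOF
cat > "$demo_dir/twpol.txt" <<'EOF'
  /usr/sbin/fixrmtab        -> $(SEC_CRIT) ;
  /usr/sbin/fixrmtab.new    -> $(SEC_CRIT) ;
  /mnt/nfs/etc              -> $(SEC_CONFIG) ;
EOF
comment_out_missing "$demo_dir/init.log" "$demo_dir/twpol.txt" "$demo_dir/twpol.new"
cat "$demo_dir/twpol.new"
```

Review every #MISSING# line before running twadmin -m P on the result, because a reported path may only have moved and should then be corrected rather than dropped from monitoring.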

Integrity check

# /usr/sbin/tripwire -m c

The results are saved in /var/lib/tripwire/report as a file named {hostname}-{date}-{time}.twr.

To run the check periodically, register it with cron

# vi /etc/cron.daily/tripwire-check
#!/bin/sh
HOST_NAME=`uname -n`
if [ ! -e /var/lib/tripwire/${HOST_NAME}.twd ] ; then
  echo "****    Error: Tripwire database for ${HOST_NAME} not found.    ****"
  echo '**** Run "/etc/tripwire/twinstall.sh" and/or "tripwire --init". ****'
else
  test -f /etc/tripwire/tw.cfg &&  /usr/sbin/tripwire --check
fi
# chmod 755 /etc/cron.daily/tripwire-check

Updating the database

# /usr/sbin/tripwire --update --twrfile {hostname}-{date}-{time}.twr

vi starts up

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Remove the "x" from the adjacent box to prevent updating the database
with the new values for this object.

Modified:
[x] "/var/log/boot.log"
[x] "/var/log/boot.log.1"
[x] "/var/log/boot.log.2"
[x] "/var/log/boot.log.3"
[x] "/var/log/boot.log.4"

Items marked with [x] are applied to the database. If you remove the mark, the item is not applied. When you are satisfied, save and quit.

Enter the local passphrase
Please enter your local passphrase:

Last-modified: 2021-09-19 (Sun) 19:09:30