Kevin D. McAllister on Thu, 28 Feb 2002 05:30:15 +0100



Re: [PLUG] Tripwire setup


On the default Red Hat install of Tripwire, you need to edit the
/etc/tripwire/twpol.txt to match your environment.  You will notice
the critical issue in this case is the HOSTNAME variable definition in
the section labeled @@section GLOBAL.  It defaults to localhost.
Setting it to your system's hostname(1) should rectify that situation.

Plus it's a really good idea to go through that twpol.txt file and make
sure that you understand it, and that it matches your environment; the
one that comes with Red Hat is set to match the Red Hat "everything"
install.

Good Luck,
Kevin

On or about Wed, Feb 27, 2002 at 11:45:05AM -0500, Mike Pflugfelder wrote:
> About a month ago, I rebuilt one of my RH Linux servers as a result of the
> machine being hacked by someone on the internet.  Well, in the process of
> building the new machine, I installed Tripwire from the install CD.
> 
> When I first initialized the database, I got an error stating that it
> couldn't find /etc/tripwire/localhost-local.key.  I think that I might have
> initialized the database while the server had no hostname / domainname.  I
> just got around to doing a re-init and I'm finding the same message:
> 
> # tripwire --init
> Please enter your local passphrase:
> Parsing policy file: /etc/tripwire/tw.pol
> Generating the database...
> *** Processing Unix File System ***
> ### Warning: File system error.
> ### Filename: /etc/tripwire/localhost-local.key
> ### No such file or directory
> ### Continuing...
> Wrote database file: /var/lib/tripwire/<hostname omitted>.twd
> The database was successfully generated.
> 
> Does anyone else have some ideas about this?  It seems to me to only be an
> annoyance as it shows up in my nightly checks, but I wasn't sure if there is
> more to it than I can tell.  Also, I've checked the policy, and find no
> references to that file there, but I do find the following reference in the
> configuration file:
> 
> # twadmin -m f | grep "/etc/tripwire/" | more
> POLFILE                =/etc/tripwire/tw.pol
> SITEKEYFILE            =/etc/tripwire/site.key
> LOCALKEYFILE           =/etc/tripwire/$(HOSTNAME)-local.key
> 
> If this is supposed to be my local key file, I would suspect that when I do
> anything that asks me for my local key, it would bomb out, but that isn't
> the case.
> 
> -Mike
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug

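A way to check for the condition discussed in this thread, as an added example that is not part of either post: the script reads the HOSTNAME definition from the GLOBAL section of a policy source file and compares it with the machine's name. It assumes the `NAME=value;` form of GLOBAL definitions; the sample policy fragment and the host name `www1` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the HOSTNAME that a Tripwire
# policy source sets in "@@section GLOBAL" and compare it with the real name.

# Constructed sample modelled on a twpol.txt GLOBAL section; not a real policy.
sample_policy() {
cat <<'EOF'
@@section GLOBAL
TWLKEY="/etc/tripwire";
HOSTNAME=localhost;   # default value
@@section FS
$(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
EOF
}

# Print the value assigned to HOSTNAME inside the GLOBAL section of file $1.
policy_hostname() {
    awk '
        /^[ \t]*@@section[ \t]/ { in_global = ($2 == "GLOBAL"); next }
        in_global && /^[ \t]*HOSTNAME[ \t]*=/ {
            sub(/#.*/, "")             # trailing comment
            sub(/^[^=]*=[ \t]*/, "")   # the "HOSTNAME =" part
            sub(/[ \t]*;.*/, "")       # terminating semicolon
            gsub(/"/, "")              # optional quotes
            print; exit
        }' "$1"
}

# check_policy FILE EXPECTED: 0 = match, 1 = mismatch, 2 = no definition.
check_policy() {
    pol_host=$(policy_hostname "$1")
    if [ -z "$pol_host" ]; then
        echo "$1: no HOSTNAME in GLOBAL section"; return 2
    fi
    if [ "$pol_host" != "$2" ]; then
        echo "$1: HOSTNAME=$pol_host but host is $2;" \
             "rules using \$(HOSTNAME) point at $pol_host-local.key"
        return 1
    fi
    echo "$1: HOSTNAME matches $2"
}

# With a file argument, check it against this machine; otherwise run the sample.
if [ $# -gt 0 ]; then
    check_policy "$1" "$(hostname)"
else
    tmp="${TMPDIR:-/tmp}/twpol-sample.$$"
    sample_policy > "$tmp"
    check_policy "$tmp" "www1" || :   # www1 is a made-up host name
    rm -f "$tmp"
fi
```

The constructed rule line in the sample shows how a policy can depend on the key file through `$(HOSTNAME)` without the literal name `localhost-local.key` appearing anywhere in it.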