Securing and Optimizing Linux: RedHat Edition - A Hands on Guide

Chapter 18. Linux Tripwire ASR 1.3.1

In Interactive Checking Mode, Tripwire identifies files or directories that have been added, deleted, or changed relative to the original database and asks the user whether each database entry should be updated. This mode is the most convenient way of keeping your database up to date, but it requires that the user be at the console. If you intend to use this mode, follow the simple steps below.
Tripwire must have a database to compare against, so we first create the file information database. This action creates a file called tw.db_[hostname] in the directory you specified to hold your databases, where [hostname] is replaced with your machine's hostname. To create the file information database for Tripwire, use the commands:

```
[root@deep] /# cd /var/spool/tripwire/
[root@deep] /tripwire# /usr/sbin/tripwire --initialize
```

Once the file information database has been created, we can run Tripwire in Interactive Checking Mode. In this mode Tripwire prompts the user, for each changed entry on the system, whether the database should be updated to reflect the current state of the file. To run in Interactive Checking Mode, use the commands:

```
[root@deep] /# cd /var/spool/tripwire/database/
[root@deep] /database# cp tw.db_myserverhostname /var/spool/tripwire/
[root@deep] /database# cd ..
[root@deep] /tripwire# /usr/sbin/tripwire --interactive
```

```
Tripwire(tm) ASR (Academic Source Release) 1.3.1
File Integrity Assessment Software
(c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
Security Systems, Inc. All Rights Reserved. Use Restricted to
Authorized Licensees.
### Phase 1:   Reading configuration file
### Phase 2:   Generating file list
### Phase 3:   Creating file information database
### Phase 4:   Searching for inconsistencies
###
###                     Total files scanned:            15722
###                           Files added:              34
###                           Files deleted:            42
###                           Files changed:            321
###
###                     Total file violations:          397
###
added:   -rwx------ root        22706 Dec 31 06:25:02 1999 /root/tmp/firewall
---> File: '/root/tmp/firewall'
---> Update entry?  [YN(y)nh?]
```

In interactive mode, Tripwire first reports all added, deleted, and changed files, then allows the user to update the entry in the database.
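
Answering y at the `Update entry?` prompt makes the file's current state the new baseline, so it helps to triage the report before the interactive session. The following Python code is an added example, not part of the original guide or of Tripwire: it parses captured report text in the format shown above, checks that the summary counts agree with the listed entries, and picks out the entries to investigate first. The layout of the `changed:` and `deleted:` lines, the `SENSITIVE` prefix list and the sample paths are assumptions.

```python
import re

# Constructed sample; "changed:"/"deleted:" lines assume the "added:" layout.
SAMPLE = """\
###                     Total files scanned:            15722
###                           Files added:              1
###                           Files deleted:            1
###                           Files changed:            2
###                     Total file violations:          4
added:   -rwx------ root        22706 Dec 31 06:25:02 1999 /root/tmp/firewall
changed: -rwsr-xr-x root        45678 Dec 30 11:02:45 1999 /bin/example-suid
changed: -rw-r--r-- root          812 Dec 30 11:05:10 1999 /etc/example.conf
deleted: -rw------- root          512 Dec 29 09:15:00 1999 /root/tmp/old-notes
"""
SUMMARY = re.compile(r"^###\s+(?:Files|Total file) "
                     r"(added|deleted|changed|violations):\s+(\d+)\s*$")
ENTRY = re.compile(r"^(?P<kind>added|deleted|changed):\s+(?P<mode>\S{10})\s+\S+\s+"
                   r"\d+\s+\w{3}\s+\d+\s+[\d:]+\s+\d{4}\s+(?P<path>.+)$")
# Hypothetical review policy (not from the page): prefixes that always get a look.
SENSITIVE = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/etc/")
KINDS = ("added", "deleted", "changed")

def parse_report(text):
    """Return (summary counts, per-file entries) from captured report text."""
    summary, entries = {}, []
    for line in text.splitlines():
        if m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := ENTRY.match(line):
            entries.append(m.groupdict())
    return summary, entries

def inconsistencies(summary, entries):
    """List count mismatches that point to a truncated or altered capture."""
    listed = {k: sum(e["kind"] == k for e in entries) for k in KINDS}
    problems = [f"{k}: summary says {summary[k]}, report lists {listed[k]}"
                for k in KINDS if listed[k] != summary[k]]
    if sum(summary[k] for k in KINDS) != summary["violations"]:
        problems.append("per-kind counts do not add up to total violations")
    return problems

def needs_review(entry):
    """Flag setuid/setgid modes and anything under a sensitive prefix."""
    setid = entry["mode"][3] in "sS" or entry["mode"][6] in "sS"
    return setid or entry["path"].startswith(SENSITIVE)

if __name__ == "__main__":
    summary, entries = parse_report(SAMPLE)
    print(inconsistencies(summary, entries), [e["path"] for e in entries if needs_review(e)])
```

A capture that lacks one of the summary lines raises `KeyError` in `inconsistencies` rather than passing silently.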