TripWire Policy


Dark Ninja
10-04-2001, 11:43 PM
Here is part of a document I use to help me set up a Tripwire policy.

Scheduling a Nightly Tripwire Analysis
Without regular checks of the filesystem, Tripwire is effectively
useless, so this section will identify how to schedule Nightly Tripwire
Analyses that are e-mailed to the system administrator.


First, one needs to create a shell script for generating the Tripwire
reports. Creating the shell script can be more useful than just placing
the command in the crontab because it allows the administrator to perform
a filesystem check without needing to remember the exact syntax necessary for doing so.


Create the file "runtw.sh" in the directory
/usr/local/bin that has the following contents:

#!/bin/sh
/usr/sbin/tripwire -m c | mail -s "Tripwire Report from HOST" root@localhost

Of course, HOST should be changed to the hostname of the system. Don't
forget to make the shell script executable by root.


Then, schedule the script to execute nightly at 1:01am by adding the line:

1 1 * * * /usr/local/bin/runtw.sh
to root's crontab using the command:

crontab -e
Tripwire will now submit nightly reports to the system administrator on
the status of the file system's integrity.





Now, I don't want the file e-mailed to my root e-mail account every night (basically because I don't HAVE a root e-mail account). Now, is there some way I can have Tripwire put the file checking information into a file in the root folder and I can check that every day? (And, is there some way I could make it overwrite the previous day's file?)

ALSO...

If I install new files/programs to the system, do I have to update Tripwire every time? Or, how does that work?

Dark Ninja
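
An added example, not part of the original post or of the Tripwire documentation it quotes: a variant of runtw.sh that writes the nightly check to a root-only file and replaces the previous day's report instead of mailing it. The report path and the --run argument are assumptions of this example; the tripwire path and "-m c" come from the post.

```sh
#!/bin/sh
# Added example: nightly Tripwire check saved to a file instead of mailed.
# TRIPWIRE is the path used in the post; REPORT is an assumed location.
TRIPWIRE="${TRIPWIRE:-/usr/sbin/tripwire}"
REPORT="${REPORT:-/root/tripwire-report.txt}"

run_tw_check() {
    # The report names changed system files, so keep it readable by root only.
    umask 077
    # Write to a temporary file in the same directory first: an interrupted
    # run then never leaves a truncated report in place of the old one.
    tmp=$(mktemp "$REPORT.XXXXXX") || return 1

    # Capture stderr too, so "tripwire could not run" shows up in the report.
    "$TRIPWIRE" -m c > "$tmp" 2>&1
    status=$?

    # A timestamp and the exit status let the reader tell a stale or failed
    # run apart from a clean one.
    {
        echo "Tripwire check finished: $(date)"
        echo "tripwire exit status: $status"
    } >> "$tmp"

    # Rename over yesterday's report; only the latest run is kept.
    mv -f "$tmp" "$REPORT"
    return "$status"
}

# Root's crontab entry for this variant (--run is this example's own switch):
#   1 1 * * * /usr/local/bin/runtw.sh --run
if [ "${1:-}" = "--run" ]; then
    run_tw_check
    exit $?
fi
```

Because all output goes to the file, cron has nothing to mail. The date line inside the report shows whether the job actually ran the previous night.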