File: twfiles.5

package info (click to toggle)
tripwire 2.4.3.7-3
  • links: PTS
  • area: main
  • in suites: bullseye
  • size: 7,224 kB
  • sloc: cpp: 57,898; sh: 6,006; perl: 2,735; yacc: 497; makefile: 437; lex: 356; ansic: 10
file content (123 lines) | stat: -rw-r--r-- 5,442 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
.\" Macros added by [email protected] for those systems where the an
.\" troff macro package doesn't know about .Ps & .Pe.
.\" Note it is assumed that CW is a constant width font.
.\" Ps - Start display text
.de Ps
.nf
.in  0.5i
.ft CW
..
.\" Pe - end of display text
.de Pe
.fi
.in -0.5i
.ft 1
..
.\"
.\" Macro added by TSS.
.\" Ms - display subsection on two lines in nroff, one line in troff.
.de Ms
.ie n \{ .SS \\$1
\\$2
.br \}
.el .SS \\$1 (\\$2)
..
.\"
.nh
.ad l
.TH TWFILES 5 "04 Jan 2018" "Open Source Tripwire 2.4"
.SH NAME
twfiles \- overview of files used by \fITripwire\fR and file backup process
.\"
.SH DESCRIPTION
.\"
.Ms "Configuration File" "\fPdefault:\fP \fI/etc/tripwire/tw.cfg\fP"
The configuration file stores system-specific information, such as the
location of \fITripwire\fR data files. The configuration settings are
generated during the installation process, but can be changed by the system administrator at any time.  See the
\fBtwconfig\fR(4) man page for a more complete discussion.
.\"
.Ms "Policy File" "\fPdefault:\fP \fI/etc/tripwire/tw.pol\fP"
The policy file consists of a series of rules specifying the system
objects that \fITripwire\fR should monitor, and the data for each
object that should be collected and stored in the database file.
Should unexpected changes occur, the policy file can describe the
person to be notified and the severity of the violation.  See the
\fIpolicyguide.txt\fR file in the policy directory and the
\fBtwpolicy\fR(4) man page for a more complete discussion.
.\"
.Ms "Database File" "\fPdefault:\fP \fI/var/lib/$(HOSTNAME).twd\fP"
The database file serves as the
baseline for integrity checking.  After installation, \fITripwire\fR
creates the initial database file, a "snapshot" of the filesystem in a
known secure state.  Later, when an integrity check is run,
\fITripwire\fR compares each system object described in the policy file
against its corresponding entry in the database.  A report is created,
and if an object has changed outside of constraints defined in the
policy file, a violation is reported.  See the \fBtripwire\fR(8) and
\fBtwprint\fR(8) man pages for more information on creating and
maintaining database files.
.\"
.Ms "Report Files" "\fPdefault:\fP \fI/var/lib/tripwire/report/$(HOSTNAME)\-$(DATE).twr\fP"
Once the above three files have been created, \fITripwire\fR can run an
integrity check and search for any differences between the current
system and the data stored in the "baseline" \fITripwire\fR database.
This information is archived into report files, a collection of rule
violations discovered during an integrity check.
With the appropriate settings, a report can also be emailed to one
or more recipients.  See the
\fBtripwire\fR(8) and \fBtwprint\fR(8) man pages for information on
creating and printing report files.
.\"
.Ms "Key Files" "\fPdefaults:\fP \fI/etc/tripwire/site.key\fP \fPand\fP \fI/etc/tripwire/$(HOSTNAME)\-local.key\fP"
It is critical that \fITripwire\fR files be protected from unauthorized
.ie n access\(hy\(hyan
.el access\(eman
attacker who is able to modify these files can subvert \fITripwire\fR
operation.  For this reason, all of the above files are
signed using public key cryptography to prevent unauthorized
modification.  Two separate sets of keys protect critical \fITripwire\fR data files.  One or both of these key sets is necessary for performing
almost every \fITripwire\fR task.
.PP
The site key is used to protect files that could be used across several
systems.  This includes the policy and configuration files.  The local
key is used to protect files specific to the local machine, such as the
\fITripwire\fR database.  The local key may also be used for signing
integrity check reports.  See the \fBtwadmin\fR(8) man page for more
information on keys.
.\"
.br
.br
.SS File Backup
To prevent the accidental deletion of important data, \fITripwire\fR
automatically creates backup files whenever any \fITripwire\fR file is
overwritten. The existing file will be renamed with a \fI.bak\fR
extension, and the new version of the file will take its place.  Only
one backup copy for each filename can exist at any time.  If a backup
copy of a file already exists, the older backup file will be deleted
and replaced with the newer one.
.PP
File backup is an integral part of \fITripwire\fR, and cannot be
removed or changed.
.SH VERSION INFORMATION
This man page describes
.IR "Tripwire 2.4" "."
.SH AUTHORS
Tripwire, Inc.
.\"
.SH COPYING PERMISSIONS
Permission is granted to make and distribute verbatim copies of this man page provided the copyright notice and this permission notice are preserved on all copies.
.PP
Permission is granted to copy and distribute modified versions of this man page under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.
.PP
Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
.PP
Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
.SH SEE ALSO
.BR twintro (8),
.BR tripwire (8),
.BR twadmin (8),
.BR twprint (8),
.BR siggen (8),
.BR twconfig (4),
.BR twpolicy (4)