152


Chapter 11. Tripwire


/bin/arch


 rwxr xr x


root (0)


2844


Tue Dec 12 05:51:35 2000


/bin/ash


 rwxr xr x


root (0)


64860


Thu Dec


7 22:35:05 2000


/bin/ash.static


 rwxr xr x


root (0)


405576


Thu Dec


7 22:35:05 2000


To see information about a particular file that Tripwire is tracking, such as


/etc/hosts


, use the


following command:


/usr/sbin/twprint  m d   print dbfile /etc/hosts


The result will look similar to this:


Object name:


/etc/hosts


Property:


Value:


             


           


Object Type


Regular File


Device Number


773


Inode Number


216991


Mode


 rw r  r  


Num Links


1


UID


root (0)


GID


root (0)


See man page for


twprint


for more options.


11.7. Updating the Tripwire Database


If you run an integrity check and Tripwire finds violations, you will first need to determine whether


the violations discovered are actual security breaches or the product of authorized modifications. If


you recently installed an application or edited critical system files, Tripwire will correctly report


integrity check violations. In this case, you should update your Tripwire database so those changes


are no longer reported as violations. However, if unauthorized changes are made to system files that


generate integrity check violations, then you should restore the original file from a backup, reinstall


the program, or, if the breach is severe enough, completely reinstall the operating system.


To update the Tripwire database so it accepts valid policy violations, Tripwire first cross references


a report file against the database, then integrates into it valid violations from the report file. When


updating the database, be sure to use the most recent report.


Use the following command to update the Tripwire database, where name is the name of the most


recent report file:


/usr/sbin/tripwire   update   twrfile /var/lib/tripwire/report/ name .twr


R


S


Tripwire will display the report file using the default text editor specified on the


EDITOR


line of the


Tripwire configuration file. This give you an opportunity to deselect files you do not wish to update in


the Tripwire database.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved