Chapter 11. Tripwire
Then type the following command to create a new database using the updated policy file:
/usr/sbin/tripwire --init
To make sure the database was correctly changed, run the first integrity check manually and view the
contents of the resulting report. See Section 11.5 and Section 11.6.1 for more on doing these tasks.
11.8.1. Tripwire and Email
You can configure Tripwire to send an email to one or more accounts if a specific type of policy
is violated. In order to do this, you need to figure out what policy rules should be monitored and
who should get the email when those rules are broken. Note that on large systems with multiple
administrators, you can have different sets of people notified depending on the types of violations.
Once you have determined who to notify and what rule violations to report to them, edit the
/etc/tripwire/twpol.txt file, adding an emailto= line to the rule directive section for each
appropriate rule. Do this by adding a comma after the severity= line and putting emailto= on
the next line, followed by one or more email addresses. More than one email address can be specified
if the addresses are separated by a semicolon.
For example, if two administrators, Johnray and Bob, need to be notified if a networking program is
modified, change the Networking Programs rule directive in the policy file to look like this:
(
rulename = "Networking Programs",
severity = $(SIG_HI),
emailto = johnray@domain.com;bob@domain.com
)
After changing the policy file, follow the instructions in Section 11.8 to generate an updated, encrypted
and signed copy of the Tripwire policy file.
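The following Python check is an added example, not part of the original guide or of Tripwire itself. It verifies the formatting this section describes (a comma after every attribute except the last, semicolon-separated emailto= addresses) and flags rules that have no recipient. It assumes each rule directive section's parentheses sit on their own lines, as in the example above; the function names and the sample policy text are constructed.

```python
import re

# Constructed sample policy fragment (not a real twpol.txt). Block 1 is the
# page's example; block 2 omits the comma after severity=; block 3 has no
# emailto= line. The last two rule names are made up for illustration.
SAMPLE_POLICY = """\
(
  rulename = "Networking Programs",
  severity = $(SIG_HI),
  emailto = johnray@domain.com;bob@domain.com
)
(
  rulename = "Example Rule B",
  severity = $(SIG_HI)
  emailto = bob@domain.com
)
(
  rulename = "Example Rule C",
  severity = $(SIG_HI)
)
"""

# Captures: attribute name, value, optional trailing comma.
ATTR = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*(,?)\s*$")

def check_block(attrs):
    """attrs: list of (name, value, has_trailing_comma) for one directive."""
    values = {name: value for name, value, _ in attrs}
    # Every attribute except the last must end with a comma.
    issues = [f"missing comma after {n}=" for n, _, comma in attrs[:-1] if not comma]
    if "emailto" not in values:
        issues.append("no emailto=")
    emails = [e.strip() for e in values.get("emailto", "").split(";") if e.strip()]
    return {"rulename": values.get("rulename", "").strip('"'),
            "emailto": emails, "issues": issues}

def audit_policy(text):
    """Return one finding per '(' ... ')' rule directive block in text."""
    findings, block = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "(":
            block = []                      # start of a directive section
        elif stripped == ")" and block is not None:
            findings.append(check_block(block))
            block = None
        elif block is not None and (m := ATTR.match(line)):
            block.append((m.group(1).lower(), m.group(2), bool(m.group(3))))
    return findings
```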
11.8.1.1. Sending Test Email Messages
To test Tripwire's email notification configuration, use the following command:
/usr/sbin/tripwire --test --email your@email.address
A test email will immediately be sent to the email address by the tripwire program.
11.9. Updating the Tripwire Configuration File
If you want to change Tripwire's configuration file, you should first edit the sample configuration
file /etc/tripwire/twcfg.txt. If you deleted this file (as you should whenever you are finished
configuring Tripwire), you can regenerate it by issuing the following command:
twadmin --print-cfgfile > /etc/tripwire/twcfg.txt
Tripwire will not recognize any configuration changes until the configuration text file is correctly
signed and converted to /etc/tripwire/tw.pol with the twadmin command.
Use the following command to regenerate a configuration file from the /etc/tripwire/twcfg.txt
text file:
/usr/sbin/twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt





