kamikaze04 Guru
Joined: 28 Mar 2004 Posts: 366 Location: Valencia-Spain
Posted: Sat Aug 06, 2005 6:08 pm Post subject: tripwire decent policy
Hello everybody,
I've just installed a server with Gentoo with tripwire. I've realized that the twpol.txt is from Red Hat, that's why I get a lot of fails when it doesn't find some files.
I've only found one tripwire policy from a few years ago in bugzilla, and I would like to know if any of you could share their twpol.txt with me and the community.
Thanks everybody!!
_________________
Everything you wanted to know about Google at: www.noticiasgoogle.es

ter_roshak Apprentice
Joined: 31 Jan 2004 Posts: 171 Location: Everett, WA
Posted: Sun Aug 07, 2005 12:55 am Post subject: Re: tripwire decent policy
kamikaze04 wrote:
> Hello everybody,
> I've just installed a server with Gentoo with tripwire. I've realized that the twpol.txt is from Red Hat, that's why I get a lot of fails when it doesn't find some files.
> I've only found one tripwire policy from a few years ago in bugzilla, and I would like to know if any of you could share their twpol.txt with me and the community.
> Thanks everybody!!

Here's a link to a script that I created to modify the Red Hat policy to a Gentoo machine based on the applications that you have installed.
_________________
Josh Miller -- RHCE, VCP
Ditree Consulting
http://ditree.com/
Registered Linux User #318200

kamikaze04 Guru
Joined: 28 Mar 2004 Posts: 366 Location: Valencia-Spain
Posted: Mon Aug 08, 2005 4:18 pm
Sorry, but I think that the script is not working properly, because it doesn't write any new config.
About the script, if I'm not misunderstanding it, it comments out the lines that refer to a file that doesn't exist on my system, OK? OK, it solves the problem of the thousands of errors, but it doesn't solve the problem of monitoring all my files.
Thanks anyway.
Anyone else want to help?

ter_roshak Apprentice
Joined: 31 Jan 2004 Posts: 171 Location: Everett, WA
Posted: Tue Aug 09, 2005 1:05 am
kamikaze04 wrote:
> Sorry, but I think that the script is not working properly, because it doesn't write any new config.
> About the script, if I'm not misunderstanding it, it comments out the lines that refer to a file that doesn't exist on my system, OK? OK, it solves the problem of the thousands of errors, but it doesn't solve the problem of monitoring all my files.
> Thanks anyway.
> Anyone else want to help?

Did you copy the new_twpol.txt file to twpol.txt?
The whole point to this script is only to modify the Red Hat configuration. You could then add the additional files that you want to monitor.

shimbob Tux's lil' helper
Joined: 13 Sep 2003 Posts: 147
Posted: Sun Oct 23, 2005 7:47 am
Trying to use it to comment out the non-existing files, but it's just spinning its wheels. It's sitting there at 99+% CPU, but nothing's being written to new_twpol.txt.
Inserted some extra print calls, it seems that this line:
if (m{^\s+/\w}) {
is never true and it never searches.
(I'm not that fluent in Perl)

tomd2004 n00b
Joined: 17 Aug 2005 Posts: 8
Posted: Mon Jan 16, 2006 11:24 am
It seems the problem with the above script is just the way it has been formatted on the page. By viewing the source to the blog I've managed to extract the correct script, which is:
Code:
```perl
#!/usr/bin/perl
## Author: Joshua M. Miller
# Date: 08/26/2004
#
# Purpose: To automate the configuration of the tripwire policies.
#
use strict;
use warnings;

my $file     = "/etc/tripwire/twpol.txt";
my $new_file = "/etc/tripwire/new_twpol.txt";

print "Opening $file\n\n";
open(my $in,  '<', $file)     or die "Can't open input file: $!";
open(my $out, '>', $new_file) or die "Can't open output file: $!";

print "Processing the current tripwire config file...\n";
while (<$in>) {
    # If it is a file that requires checking, check it to see if the file is on this system
    # If the line is indented and its first field begins with a /, then we know it needs to be checked
    # If the file is not on this system, comment it out
    if (m{^\s+/\w}) {
        # Take the file's path from the line (field 0 is the empty string before the indent)
        my @tst_file = split(/\s+/, $_);
        # Check to see if the file exists
        unless (-e $tst_file[1]) {
            $_ = "#" . $_;
        }
        # Debug, print results
        print "Result: $tst_file[1]\n";
        # Test - print this section to the outfile
        # print $out "$tst_file[1]\n";
    }
    # Write the line to the new file
    print $out $_;
}
close $in;
close $out or die "Can't close output file: $!";
```
Nice script, works well for me.
Hope this helps.

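Added example, not part of any post in this thread: the Perl filter above only comments out rules for files that are missing, so the gap kamikaze04 describes (files present on the Gentoo system that no rule watches) still has to be found separately. This shell sketch lists regular files under chosen directories that no active rule covers; the function names `policy_paths` and `uncovered_files` are hypothetical, and it assumes one `/path -> mask ;` rule per line, paths without whitespace, and that a rule on a directory covers everything below it.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes one "/path -> mask ;" rule per line, no whitespace in paths, and
# that a rule on a directory also covers everything below it.

# policy_paths POLICY
# Print the object path of every active rule. Lines commented out with "#"
# (as the Perl filter does for missing files), "!" stop points and
# $(VARIABLE)-prefixed objects are skipped, so they never count as coverage.
policy_paths() {
    sed -n 's|^[[:space:]]*\(/[^[:space:]]*\)[[:space:]]*->.*|\1|p' "$1" | sort -u
}

# uncovered_files POLICY DIR...
# Print each regular file under DIR... that is neither named by an active
# rule nor located below a directory named by one.
uncovered_files() {
    policy=$1
    shift
    find "$@" -type f 2>/dev/null | sort |
        RULES=$(policy_paths "$policy") awk '
            BEGIN { n = split(ENVIRON["RULES"], rule, "\n") }
            {
                for (i = 1; i <= n; i++) {
                    p = rule[i]
                    sub(/\/$/, "", p)          # "/etc/" and "/etc" are the same rule
                    if ($0 == p || index($0, p "/") == 1) next
                }
                print                          # no rule matched: unmonitored file
            }'
}

# Usage: uncovered_files /etc/tripwire/new_twpol.txt /bin /sbin /etc /usr/bin
```

A file excluded by a `!` stop point inside a covered directory is still reported as covered here, so stop points need a separate review.
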
outspoken Guru
Joined: 14 Feb 2004 Posts: 464 Location: orlando, fl
Posted: Tue Feb 28, 2006 3:15 am
beautiful, thanks!

cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
Posted: Fri Oct 18, 2013 12:08 pm
A bash script that writes a twpol.txt from scratch, rather than removing extraneous lines from an existing RedHat-centric policy file, is available in the "mktwpol" package. mktwpol.sh searches the installed packages database, and writes tripwire policy based on the confluence of packages listed (in mktwpol) and packages found on a given system. The resulting policy file also has some catchall rules that will trigger alarms for files installed/changed by packages that are not in mktwpol's list of packages.
mktwpol is masked (~x86, etc.), but has been around for a few years, and all bug reports lodged against it were promptly resolved.