r7386 - in trunk/BOOK: . introduction/welcome postlfs/security

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Sun Apr 20 18:53:35 PDT 2008


Author: bdubbs
Date: 2008-04-20 19:53:35 -0600 (Sun, 20 Apr 2008)
New Revision: 7386

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/tripwire.xml
Log:
Update to tripwire-2.4.1.2

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2008-04-15 08:34:07 UTC (rev 7385)
+++ trunk/BOOK/general.ent	2008-04-21 01:53:35 UTC (rev 7386)
@@ -3,11 +3,11 @@
 $Date$
 -->
 
-<!ENTITY day          "15">                   <!-- Always 2 digits -->
+<!ENTITY day          "21">                   <!-- Always 2 digits -->
 <!ENTITY month        "04">                   <!-- Always 2 digits -->
 <!ENTITY year         "2008">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "April &day;th, &year;">
+<!ENTITY releasedate  "April &day;st, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- version|testing|unstable|development] -->
@@ -63,7 +63,7 @@
 <!ENTITY iptables-version             "1.3.8">
 <!ENTITY gnupg-version                "1.4.7">
 <!ENTITY gnupg2-version               "2.0.8">
-<!ENTITY tripwire-version             "2.4.0.1">
+<!ENTITY tripwire-version             "2.4.1.2">
 <!ENTITY heimdal-version              "1.1">
 <!ENTITY mitkrb-version               "1.6">
 <!ENTITY cyrus-sasl-version           "2.1.22">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2008-04-15 08:34:07 UTC (rev 7385)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2008-04-21 01:53:35 UTC (rev 7386)
@@ -42,6 +42,15 @@
 -->
 
     <listitem>
+      <para>April 20th, 2008</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Update to Tripwire-2.4.1.2.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>April 14th, 2008</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/postlfs/security/tripwire.xml
===================================================================
--- trunk/BOOK/postlfs/security/tripwire.xml	2008-04-15 08:34:07 UTC (rev 7385)
+++ trunk/BOOK/postlfs/security/tripwire.xml	2008-04-21 01:53:35 UTC (rev 7386)
@@ -4,23 +4,11 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-    <!-- Inserted as a reminder to do this. The mention of a test suite
-         is usually right before the root user installation commands. Please
-         delete these 12 (including one blank) lines after you are done.-->
-
-    <!-- Use one of the two mentions below about a test suite,
-         delete the line that is not applicable. Of course, if the
-         test suite uses syntax other than "make check", revise the
-         line to reflect the actual syntax to run the test suite -->
-
-    <!-- <para>This package does not come with a test suite.</para> -->
-    <!-- <para>To test the results, issue: <command>make check</command>.</para> -->
-
   <!ENTITY tripwire-download-http "http://downloads.sourceforge.net/tripwire/tripwire-&tripwire-version;-src.tar.bz2">
   <!ENTITY tripwire-download-ftp  " ">
-  <!ENTITY tripwire-md5sum        "b371f79ac23cacc9ad40b1da76b4a0c4">
-  <!ENTITY tripwire-size          "1.2 MB">
-  <!ENTITY tripwire-buildsize     "37 MB">
+  <!ENTITY tripwire-md5sum        "1147c278b528ed593023912c4b649a">
+  <!ENTITY tripwire-size          "700 KB">
+  <!ENTITY tripwire-buildsize     "28 MB">
   <!ENTITY tripwire-time          "1.6 SBU">
 ]>
 
@@ -66,15 +54,6 @@
       </listitem>
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Required patch:
-          <ulink url="&patch-root;/tripwire-&tripwire-version;-gcc4_build_fixes-1.patch"/>
-        </para>
-      </listitem>
-    </itemizedlist>
-
     <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Required</bridgehead>
@@ -95,9 +74,7 @@
     <para>Compile <application>Tripwire</application> by running the following
     commands:</para>
 
-<screen><userinput>ln -s contrib install &&
-patch -Np1 -i ../tripwire-&tripwire-version;-gcc4_build_fixes-1.patch &&
-sed -i -e 's at TWDB="${prefix}@TWDB="/var@' install/install.cfg &&
+<screen><userinput>sed -i -e 's at TWDB="${prefix}@TWDB="/var@' install/install.cfg &&
 ./configure --prefix=/usr --sysconfdir=/etc/tripwire &&
 make</userinput></screen>
 
@@ -106,19 +83,18 @@
     one, modify <filename>install/install.cfg</filename> to use an SMTP
     server instead.  Otherwise the install will fail.</para></warning>
 
+    <para>This package does not come with a test suite.</para>
+
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install &&
-cp -v policy/*.txt /usr/share/doc/tripwire</userinput></screen>
+cp -v policy/*.txt /usr/doc/tripwire</userinput></screen>
 
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><command>ln -s contrib install</command>: This command creates
-    a symbolic link in the build directory needed for installation.</para>
-
     <para><command>sed -i -e 's at TWDB="${prefix}@TWDB="/var@'
     install/install.cfg</command>: This command tells the package to install
     the program database and reports in
@@ -129,8 +105,9 @@
     the binaries. There are two keys: a site key and a local key which are
     stored in <filename class="directory">/etc/tripwire/</filename>.</para>
 
-    <para><command>cp -v policy/*.txt /usr/share/doc/tripwire</command>: This
-    command installs the documentation.</para>
+		<para><command>cp -v policy/*.txt /usr/doc/tripwire</command>: This command
+		installs the <application>tripwire</application> sample policy files with
+		the other <application>tripwire</application> documentation.</para>
 
   </sect2>
 
@@ -154,70 +131,77 @@
       <para><application>Tripwire</application> uses a policy file to
       determine which files are integrity checked. The default policy
       file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
-      default Redhat installation and will need to be updated for your
+      default installation and will need to be updated for your
       system.</para>
 
-      <para>Policy files should be tailored to each individual distribution
-      and/or installation. Some custom policy files can be found below:</para>
+			<para>Policy files should be tailored to each individual distribution
+			and/or installation. Some example policy files can be found in <filename
+			class="directory">/usr/doc/tripwire/</filename> (Note that <filename
+			class="directory">/usr/doc/</filename> is a symbolic link on LFS systems
+			to <filename class="directory">/usr/share/doc/</filename>).</para>
 
-<literallayout><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/>
-Checks integrity of all files
-<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/>
-Custom policy file for Base LFS 3.0 system
-<ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/>
-Custom policy file for SuSE 7.2 system</literallayout>
+			<para>If desired, copy the policy file you'd like to try into <filename
+			class="directory">/etc/tripwire/</filename> instead of using the default
+			policy file, <filename>twpol.txt</filename>.  It is, however, recommended
+			that you edit your policy file. Get ideas from the examples above and
+			read <filename>/usr/doc/tripwire/policyguide.txt</filename> for
+			additional information. <filename>twpol.txt</filename> is a good policy
+			file for learning about  <application>Tripwire</application> as it will
+			note any changes to the file system and can even be used as an annoying
+			way of keeping track of changes for uninstallation of software.</para>
 
-      <para>Download the custom policy file you'd like to try, copy it into
-      <filename class="directory">/etc/tripwire/</filename>, and use it instead
-      of <filename>twpol.txt</filename>. It is, however, recommended that you
-      make your own policy file. Get ideas from the examples above and read
-      <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
-      additional information. <filename>twpol.txt</filename> is a good policy
-      file for beginners as it will note any changes to the file system and can
-      even be used as an annoying way of keeping track of changes for
-      uninstallation of software.</para>
+			<para>After your policy file has been edited to your satisfaction you may
+			begin the configuration steps (perform as the <systemitem
+			class='username'>root</systemitem>):</para>
 
-      <para>After your policy file has been transferred to
-      <filename class="directory">/etc/tripwire/</filename> you may begin
-      the configuration steps (perform as the
-      <systemitem class='username'>root</systemitem>):</para>
-
 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
     /etc/tripwire/twpol.txt &&
 tripwire --init</userinput></screen>
 
+    <para>Depending on your system and the contents of the policy file, the
+		initialization phase above can take a relatively long time.</para>
+
     </sect3>
 
     <sect3>
       <title>Usage Information</title>
 
-      <para>To use <application>Tripwire</application> after creating a policy
-      file to run a report, use the following command:</para>
+			<para><application>Tripwire</application> will identify file changes in
+			the critical system files specified in the policy file.  Using
+			<application>Tripwire</application> while making frequent changes to
+			these directories will flag all these changes.  It is most useful after a
+			system has reached a configuration that the user considers stable.</para>
 
+			<para>To use <application>Tripwire</application> after creating a policy
+			file to run a report, use the following command:</para>
+
 <screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen>
 
-      <para>View the output to check the integrity of your files. An automatic
-      integrity report can be produced by using a cron facility to schedule
-      the runs.</para>
+			<para>View the output to check the integrity of your files. An automatic
+			integrity report can be produced by using a cron facility to schedule the
+			runs.</para>
 
-      <para>Please note that after you run an integrity check, you must
-      examine the report (or email) and then modify the
-      <application>Tripwire</application> database to reflect the changed
-      files on your system. This is so that <application>Tripwire</application>
-      will not continually notify you that files you intentionally changed are
-      a security violation. To do this you must first <command>ls -l
-      /var/lib/tripwire/report/</command> and note the name of the newest file
-      which starts with <filename>linux-</filename> and ends in
-      <filename>.twr</filename>. This encrypted file was created during the
-      last report creation and is needed to update the
-      <application>Tripwire</application> database of your system. Then, as the
-      <systemitem class='username'>root</systemitem> user, type
-      in the following command making the appropriate substitutions for
-      <replaceable><?></replaceable>:</para>
+			<para>Reports are stored in binary and, if desired, encrypted.  View reports, 
+			as the <systemitem class="username">root</systemitem> user, with:</para>
 
-<screen role="root"><userinput>tripwire --update -twrfile \
-    /var/lib/tripwire/report/linux-<replaceable><???????></replaceable>-<replaceable><??????></replaceable>.twr</userinput></screen>
+<screen role="root">twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></screen>
 
+			<para>After you run an integrity check, you should examine the
+			report (or email) and then modify the <application>Tripwire</application>
+			database to reflect the changed files on your system. This is so that
+			<application>Tripwire</application> will not continually notify you that
+			files you intentionally changed are a security violation. To do this you
+			must first <command>ls -l /var/lib/tripwire/report/</command> and note
+			the name of the newest file which starts with your system name as
+			presented by the command <userinput>uname -n</userinput>
+			and ends in <filename>.twr</filename>. These files were created
+			during report creation and the most current one is needed to update the
+			<application>Tripwire</application> database of your system. As the
+			<systemitem class='username'>root</systemitem> user, type in the
+			following command making the appropriate report name:</para>
+
+<screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen>
+
       <para>You will be placed into <application>vim</application> with a copy
       of the report in front of you. If all the changes were good, then just
       type <command>:x</command> and after entering your local key, the database
@@ -225,7 +209,6 @@
       about, remove the 'x' before the filename in the report and type
       <command>:x</command>.</para>
 
-
       <para>A good summary of tripwire operations can be found at
       <ulink url="http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-tripwire.html"/>.</para>
 
@@ -254,9 +237,9 @@
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>siggen, tripwire, twadmin, and twprint.</seg>
+        <seg>siggen, tripwire, twadmin, and twprint</seg>
         <seg>None</seg>
-        <seg>/etc/tripwire, /usr/share/doc/tripwire, and /var/lib/tripwire</seg>
+        <seg>/etc/tripwire, /var/lib/tripwire, and /usr/share/doc/tripwire</seg>
       </seglistitem>
     </segmentedlist>
 




More information about the blfs-book mailing list