Gentoo Forums
tripwire decent policy
kamikaze04
Guru
Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

Posted: Sat Aug 06, 2005 6:08 pm    Post subject: tripwire decent policy

Hello everybody,

I've just installed a server with Gentoo with tripwire. I've realized that the twpol.txt is from Red Hat, that's why I get a lot of fails when it doesn't find some files.

I've only found one tripwire policy from a few years ago in bugzilla, and I would like to know if any of you could share his twpol.txt with me and the community.

Thanks everybody!!
_________________
Everything you wanted to know about Google at: www.noticiasgoogle.es
ter_roshak
Apprentice
Joined: 31 Jan 2004
Posts: 171
Location: Everett, WA

Posted: Sun Aug 07, 2005 12:55 am    Post subject: Re: tripwire decent policy

kamikaze04 wrote:
Hello everybody,

I've just installed a server with Gentoo with tripwire. I've realized that the twpol.txt is from Red Hat, that's why I get a lot of fails when it doesn't find some files.

I've only found one tripwire policy from a few years ago in bugzilla, and I would like to know if any of you could share his twpol.txt with me and the community.

Thanks everybody!!


Here's a link to a script that I created to modify the Red Hat policy to a Gentoo machine based on the applications that you have installed.
_________________
Josh Miller -- RHCE, VCP
Ditree Consulting
http://ditree.com/
Registered Linux User #318200
kamikaze04
Guru
Joined: 28 Mar 2004
Posts: 366
Location: Valencia-Spain

Posted: Mon Aug 08, 2005 4:18 pm

Sorry, but I think that the script is not working properly, because it doesn't write any new config.

About the script, if I'm not misunderstanding it, it comments out the lines that reference a file that doesn't exist on my system, ok? Ok, it solves the problem of the thousands of errors, but it doesn't solve the problem of monitoring all my files.

Thanks anyway.

Does anyone else want to help?
_________________
Everything you wanted to know about Google at: www.noticiasgoogle.es
ter_roshak
Apprentice
Joined: 31 Jan 2004
Posts: 171
Location: Everett, WA

Posted: Tue Aug 09, 2005 1:05 am

kamikaze04 wrote:
Sorry, but I think that the script is not working properly, because it doesn't write any new config.

About the script, if I'm not misunderstanding it, it comments out the lines that reference a file that doesn't exist on my system, ok? Ok, it solves the problem of the thousands of errors, but it doesn't solve the problem of monitoring all my files.

Thanks anyway.

Does anyone else want to help?


Did you copy the new_twpol.txt file to twpol.txt?

The whole point to this script is only to modify the Red Hat configuration. You could then add the additional files that you want to monitor.
_________________
Josh Miller -- RHCE, VCP
Ditree Consulting
http://ditree.com/
Registered Linux User #318200
shimbob
n00b
Joined: 13 Sep 2003
Posts: 43

Posted: Sun Oct 23, 2005 7:47 am

Trying to use it to comment out the non-existing files, but it's just spinning its wheels. It's sitting there at 99+% CPU, but nothing's being written to new_twpol.txt.

Inserted some extra print calls, it seems that this line:
if (m{^\s+/\w}) {
is never true and it never searches.

(I'm not that fluent in perl)
tomd2004
n00b
Joined: 17 Aug 2005
Posts: 8

Posted: Mon Jan 16, 2006 11:24 am

It seems the problem with the above script is just the way it has been formatted on the page. By viewing the source of the blog I've managed to extract the correct script, which is:
Code:

#!/usr/bin/perl
# Author:  Joshua M. Miller
# Date:    08/26/2004
#
# Purpose:  To automate the configuration of the tripwire policies.
#
use strict;
use warnings;

my $file     = "/etc/tripwire/twpol.txt";
my $new_file = "/etc/tripwire/new_twpol.txt";

print "Opening $file\n\n";

# Three-argument open with lexical handles: the mode is never parsed out of the file name
open my $in,  '<', $file     or die "Can't open input file : $!";
open my $out, '>', $new_file or die "Can't open output file: $!";

print "Processing the current tripwire config file...\n";

while (<$in>) {
    # If it is a file that requires checking, check it to see if the file is on this system.
    # A rule line is indented and its first field begins with a /, so we know it needs to be checked.
    # If the file is not on this system, comment it out.
    if (m{^\s+/\w}) {
        # Take the file's path from the line (leading whitespace makes field 0 empty)
        my @tst_file = split(/\s+/, $_);
        # Check to see if the file exists
        unless ( -e $tst_file[1] ) {
            $_ = "#" . $_;
        }
        # Debug, print results
        print "Result:  $tst_file[1]\n";
        # Test - print this section to the outfile
        # print $out "$tst_file[1]\n";
    }
    # Write the line (commented out or unchanged) to the new file
    print $out $_;
}
close $in;
close $out or die "Can't close output file: $!";

Nice script, works well for me.

Hope this helps.
outspoken
Guru
Joined: 14 Feb 2004
Posts: 464
Location: orlando, fl

Posted: Tue Feb 28, 2006 3:15 am

beautiful, thanks!
cboldt
n00b
Joined: 24 Aug 2005
Posts: 40

Posted: Fri Oct 18, 2013 12:08 pm

A bash script that writes a twpol.txt from scratch, rather than removing extraneous lines from an existing RedHat-centric policy file, is available in the "mktwpol" package. mktwpol.sh searches the installed packages database, and writes tripwire policy based on the confluence of packages listed (in mktwpol) and packages found on a given system. The resulting policy file also has some catchall rules that will trigger alarms for files installed/changed by packages that are not in mktwpol's list of packages.

mktwpol is masked (~x86, etc.), but has been around for a few years, and all bug reports lodged against it were promptly resolved.
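The gap raised earlier in the thread (pruning the Red Hat policy stops the errors but leaves Gentoo's own files unmonitored) can be measured against the package database mentioned in the last post. The shell function below is an added example, not code from this thread or from mktwpol: it lists files recorded in Portage CONTENTS files that no active rule in a twpol.txt covers. The names uncovered_paths and write_samples and all sample data are constructed; it assumes rules recurse (the default) and paths are unquoted.

```sh
# Added example: list package-owned files that no active Tripwire rule covers.
uncovered_paths() {                     # usage: uncovered_paths POLICY CONTENTS...
    awk '
    NR == FNR {                         # first file: the policy text
        sub(/^[ \t]+/, "")
        first = substr($0, 1, 1)
        if (first == "/" && index($0, "->")) {        # active rule
            p = $0; sub(/[ \t]*->.*/, "", p); rule[p] = 1
        } else if (first == "!") {                    # stop point
            p = $0; sub(/^![ \t]*/, "", p); sub(/[ \t]*;.*/, "", p); stop[p] = 1
        }                               # "#" lines (pruned rules) are skipped
        next
    }
    $1 == "obj" {                       # remaining files: Portage CONTENTS
        path = $0
        sub(/^obj /, "", path)
        sub(/ [0-9a-f]+ [0-9]+$/, "", path)           # drop md5 and mtime
        n = split(path, part, "/")
        covered = ("/" in rule); p = ""
        for (i = 2; i <= n; i++) {      # walk down; the deepest match wins
            p = p "/" part[i]
            if (p in stop) covered = 0
            else if (p in rule) covered = 1
        }
        if (!covered) print path
    }' "$@"
}

# Constructed sample input, not taken from a real system.
write_samples() {
    cat > "$1/twpol.txt" <<'EOF'
{
  /bin                 -> $(SEC_BIN) ;
  /usr/sbin/sshd       -> $(SEC_CRIT) ;
#  /usr/sbin/fixrmtab  -> $(SEC_CRIT) ;
  /etc                 -> $(SEC_CONFIG) ;
  !/etc/hosts ;
}
EOF
    cat > "$1/CONTENTS" <<'EOF'
obj /bin/bash 0123456789abcdef0123456789abcdef 1130000000
obj /usr/sbin/sshd 0123456789abcdef0123456789abcdef 1130000000
obj /usr/sbin/visudo 0123456789abcdef0123456789abcdef 1130000000
obj /usr/bin/sudo 0123456789abcdef0123456789abcdef 1130000000
obj /etc/hosts 0123456789abcdef0123456789abcdef 1130000000
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
uncovered_paths "$tmp/twpol.txt" "$tmp/CONTENTS"; rm -rf "$tmp"
```

On a Gentoo system the call would be `uncovered_paths /etc/tripwire/twpol.txt /var/db/pkg/*/*/CONTENTS`, assuming the default Portage database location. Paths excluded by a stop point are reported too, since Tripwire does not scan them.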