### 1. Fetching and installing the source

```
# cd /usr/local/src/
# wget http://jaist.dl.sourceforge.net/project/tripwire/tripwire-src/tripwire-2.4.2.2/tripwire-2.4.2.2-src.tar.bz2
# tar jxvf tripwire-2.4.2.2-src.tar.bz2
# cd tripwire-2.4.2.2-src
# ./configure
# make
# make install
```

### 2. Create a file to monitor for testing

```
# touch /tmp/sample.txt
```

### 3. Create a policy file to verify operation

Write a minimal policy with a single rule. The `+p` property mask means only the file's permission (mode) bits are recorded and compared; no hash or timestamp is tracked for this object.

```
# vi /tmp/twpol.txt
```

```
(
  rulename = "Sample",
)
{
  /tmp/sample.txt -> +p;
}
```

Compile the text policy into the signed policy file, using the site key:

```
# twadmin --create-polfile --site-keyfile /usr/local/etc/site.key /tmp/twpol.txt
```

### 4. Initialize the database

```
# tripwire --init
```

### 5. Check with no changes made

```
# tripwire --check
Parsing policy file: /usr/local/etc/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /usr/local/lib/tripwire/report/lpic303-CentOS6-20150605-035915.twr

Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            Fri Jun  5 03:59:15 2015
Database last updated on:     Fri Jun  5 03:39:02 2015

===============================================================================
Report Summary:
===============================================================================

Host name:                    lpic303-CentOS6
Host IP address:              Unknown IP
Host ID:                      None
Policy file used:             /usr/local/etc/tw.pol
Configuration file used:      /usr/local/etc/tw.cfg
Database file used:           /usr/local/lib/tripwire/lpic303-CentOS6.twd
Command line used:            tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Sample                          0                 0        0        0
  (/tmp/sample.txt)

Total objects scanned:  1
Total violations found:  0

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

No violations.

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
```

### 6. Make a change

Add an ACL entry for a test user. Granting a named user an ACL entry also changes the file's group-class (mask) bits, which is what the `+p` rule compares.

```
# setfacl -m user:testuser:rwx /tmp/sample.txt
```

### 7. Check again

The same rule now reports one modified object:

```
# tripwire --check
Parsing policy file: /usr/local/etc/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /usr/local/lib/tripwire/report/lpic303-CentOS6-20150605-040008.twr

Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            Fri Jun  5 04:00:08 2015
Database last updated on:     Fri Jun  5 03:39:02 2015

===============================================================================
Report Summary:
===============================================================================

Host name:                    lpic303-CentOS6
Host IP address:              Unknown IP
Host ID:                      None
Policy file used:             /usr/local/etc/tw.pol
Configuration file used:      /usr/local/etc/tw.cfg
Database file used:           /usr/local/lib/tripwire/lpic303-CentOS6.twd
Command line used:            tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
* Sample                          0                 0        0        1
  (/tmp/sample.txt)

Total objects scanned:  1
Total violations found:  1

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: Sample (/tmp/sample.txt)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"/tmp/sample.txt"

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
```

### 8. Review the report

At report level 0, `twprint` prints only a one-line summary of the saved report:

```
# twprint --print-report --report-level 0 --twrfile /usr/local/lib/tripwire/report/lpic303-CentOS6-20150605-040008.twr
Note: Report is not encrypted.
TWReport lpic303-CentOS6 20150605040008 V:1 S:0 A:0 R:0 C:1
```

Meaning of the fields:

- V: number of violations
- S: severity
- A: added files and directories
- R: removed files and directories
- C: changed files and directories

### 9. Update the database

Accepting the report into the database makes the new permissions the baseline, so the next `tripwire --check` is clean. The local key's passphrase is required to sign the updated database:

```
# tripwire --update --twrfile /usr/local/lib/tripwire/report/lpic303-CentOS6-20150605-040008.twr
Please enter your local passphrase:
Wrote database file: /usr/local/lib/tripwire/lpic303-CentOS6.twd
```

### 10. Display and edit the system configuration file

```
# twadmin --print-cfgfile
ROOT                   =/usr/local/sbin
POLFILE                =/usr/local/etc/tw.pol
DBFILE                 =/usr/local/lib/tripwire/$(HOSTNAME).twd
REPORTFILE             =/usr/local/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
SITEKEYFILE            =/usr/local/etc/site.key
LOCALKEYFILE           =/usr/local/etc/lpic303-CentOS6-local.key
EDITOR                 =/bin/vi
LATEPROMPTING          =false
LOOSEDIRECTORYCHECKING =false
MAILNOVIOLATIONS       =true
EMAILREPORTLEVEL       =3
REPORTLEVEL            =3
MAILMETHOD             =SENDMAIL
SYSLOGREPORTING        =false
MAILPROGRAM            =/usr/sbin/sendmail -oi -t
```

### 11. Confirm the policy file contents

```
# twadmin --print-polfile
(
  rulename = "Sample",
)
{
  /tmp/sample.txt -> +p;
}
```
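The level-0 summary line from step 8 and the Rule Summary table from step 7 are the pieces worth reading by a script, since a scheduled `tripwire --check` will otherwise just write a report nobody opens. The following is an added example, not code from the post or from Tripwire: it parses both pieces and returns the rule names to alert on, treating the `*` marker and the `V:` count as the signal. The sample input is copied from the run shown above.

```python
import re
from datetime import datetime

# Header line of "twprint --print-report --report-level 0", as shown in the post:
#   TWReport lpic303-CentOS6 20150605040008 V:1 S:0 A:0 R:0 C:1
SUMMARY_RE = re.compile(
    r"^TWReport\s+(?P<host>\S+)\s+(?P<ts>\d{14})\s+"
    r"V:(?P<V>\d+)\s+S:(?P<S>\d+)\s+A:(?P<A>\d+)\s+R:(?P<R>\d+)\s+C:(?P<C>\d+)$"
)
# One data row of the "Rule Summary" table; a leading '*' marks a violated rule.
RULE_ROW_RE = re.compile(
    r"^(?P<flag>\*?)\s*(?P<rule>\S+)\s+(?P<sev>\d+)\s+(?P<add>\d+)\s+(?P<rem>\d+)\s+(?P<mod>\d+)$"
)

def parse_summary(line):
    """V=violations, S=severity, A=added, R=removed, C=changed; raise if not a level-0 line."""
    m = SUMMARY_RE.match(line.strip())
    if m is None:
        raise ValueError("not a twprint level-0 summary line: %r" % line)
    return {"host": m.group("host"),
            "generated": datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S"),
            "violations": int(m.group("V")), "severity": int(m.group("S")),
            "added": int(m.group("A")), "removed": int(m.group("R")),
            "changed": int(m.group("C"))}

def parse_rule_rows(report_text):
    """Rule Summary rows; the column header, dashes and '(path)' lines do not match."""
    rows = []
    for line in report_text.splitlines():
        m = RULE_ROW_RE.match(line.strip())
        if m:
            rows.append({"rule": m.group("rule"), "flagged": m.group("flag") == "*",
                         "severity": int(m.group("sev")), "added": int(m.group("add")),
                         "removed": int(m.group("rem")), "modified": int(m.group("mod"))})
    return rows

def violated_rules(summary_line, report_text):
    """Rule names to alert on; empty when the level-0 line says V:0."""
    if parse_summary(summary_line)["violations"] == 0:
        return []
    return [r["rule"] for r in parse_rule_rows(report_text) if r["flagged"]]

# Constructed sample input, copied from the second check run in the post.
SAMPLE_SUMMARY = "TWReport lpic303-CentOS6 20150605040008 V:1 S:0 A:0 R:0 C:1"
SAMPLE_RULE_SUMMARY = """\
Rule Name                       Severity Level    Added    Removed  Modified
---------                       --------------    -----    -------  --------
* Sample                        0                 0        0        1
  (/tmp/sample.txt)
"""
```

In a cron job this would run after `tripwire --check`, feeding it the `twprint --report-level 0` line and the level-3 report text for the same `.twr` file.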