Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Content level: Intermediate to advanced
336 pages
8h 54m
English
O'Reilly Media, Inc.

1.12. Adding Files to the Database

Problem

Tell tripwire to include a file or directory in its database.

Solution

Generate the active policy file in human-readable format. [Recipe 1.2] Add the given file or directory to the active policy file.

To mark the file /bin/ls for inclusion:

/bin/ls  ->  $(SEC_BIN) ;

To mark the entire directory tree /etc for inclusion:

/etc     ->  $(SEC_BIN) ;

To mark /etc and its files, but not recurse into subdirectories:

/etc     ->  $(SEC_BIN) (recurse=1) ;

To mark only the /etc directory but none of its files or subdirectories:

/etc     ->  $(SEC_BIN) (recurse=0) ;

Then reinitialize the database. [Recipe 1.3]

Discussion

The policy is a list of rules stored in a policy file. A rule looks like:

filename -> rule ;

which means that the given file (or directory) should be considered compromised if the given rule is broken. For instance,

/bin/login -> +pisug ;

means that /bin/login is suspect if its file permissions (p), inode number (i), size (s), user (u), or group (g) have changed since the last snapshot. We won’t document the full policy syntax because Tripwire’s manual is quite thorough. Our recipe uses a predefined rule in a global variable, SEC_BIN, designating a binary file that should not change.

The recurse=n attribute for a directory tells tripwire to recurse n levels deep into the filesystem. Zero means to consider only the directory file itself.
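
Before adding a directory rule and reinitializing the database, it helps to see how many paths each recurse value takes in. The script below is an added example, not from the book: tw_rule and tw_scope are hypothetical helper names, find(1) with -maxdepth is assumed to approximate Tripwire's directory walk, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the book. tw_rule and tw_scope are hypothetical
# helper names; find(1) stands in for Tripwire's directory walk.

# tw_rule PATH [N]: print the policy line for PATH; N omitted or -1 means
# no recurse attribute (the whole tree).
tw_rule() {
    if [ "${2:--1}" = -1 ]; then
        printf '%s -> $(SEC_BIN) ;\n' "$1"
    else
        printf '%s -> $(SEC_BIN) (recurse=%s) ;\n' "$1" "$2"
    fi
}

# tw_scope DIR [N]: list the paths such a rule would take in.
#   N=0 -> DIR itself; N=1 -> DIR plus its immediate entries
#   (subdirectories appear, their contents do not); -1 -> everything.
tw_scope() {
    depth=${2:--1}
    case $depth in
        -1)       find "$1" | sort ;;
        *[!0-9]*) echo "tw_scope: bad recurse value: $depth" >&2; return 2 ;;
        *)        find "$1" -maxdepth "$depth" | sort ;;
    esac
}

# Constructed sample tree so the preview runs without touching the real /etc.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssh/keys"
    : > "$root/etc/passwd"
    : > "$root/etc/ssh/sshd_config"
    : > "$root/etc/ssh/keys/host_key"
    echo "$root"
}

root=$(demo_tree) || exit 1
for n in 0 1 -1; do
    tw_rule /etc "$n"
    tw_scope "$root/etc" "$n" | sed "s|^$root|    |"
done
rm -rf "$root"
```

Pointing tw_scope at a real directory shows how much a rule without a recurse attribute adds to the database, and therefore how many files every later integrity check has to examine.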

It’s actually quite likely that you’ll need to modify the policy. The default policy supplied with Tripwire is tailored to ...

ISBN: 0596003919