Linux Security Cookbook [Electronic resources] - Text version


Daniel J. Barrett, Robert G. Byrnes, Richard Silverman


Recipe 1.12 Adding Files to the Database



1.12.1 Problem


Tell tripwire to include a file or directory in its database.


1.12.2 Solution


Generate the active policy file. [Recipe 1.2] Add the given file or directory to the active
policy file.

To mark the file /bin/ls for inclusion:

/bin/ls  ->  $(SEC_BIN) ;

To mark the entire directory tree /etc for inclusion:

/etc     ->  $(SEC_BIN) ;

To mark /etc and its files, but not recurse into subdirectories:

/etc     ->  $(SEC_BIN) (recurse=1) ;

To mark only the /etc directory but none of its files or subdirectories:

/etc     ->  $(SEC_BIN) (recurse=0) ;

Then reinitialize the database. [Recipe 1.3]


1.12.3 Discussion


The policy is a list of rules stored in a policy file. A rule looks
like:

filename -> rule ;

which means that the given file (or directory) should be considered
compromised if the given rule is broken. For instance,

/bin/login -> +pisug ;

means that /bin/login is suspect if its file permissions (p), inode number (i),
size (s), user (u), or group (g) have changed since the last
snapshot. We won't document the full policy syntax
because Tripwire's manual is quite thorough. Our
recipe uses a predefined rule in a global variable,
SEC_BIN, designating a binary file that should
not change.

The recurse=n attribute for a directory tells tripwire to recurse
n levels deep into the filesystem. Zero
means to consider only the directory file itself.
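
The +pisug mask and the recurse depth described above, modeled in Python as an added example (not Tripwire's code and not from the book). The names covered, snapshot, violations and demo are hypothetical, and recording an entry at the depth limit without descending into it is an assumption of this model.

```python
import os, stat, tempfile

# Letters of the page's example mask (+pisug) mapped to lstat() fields.
PROPS = {"p": lambda s: stat.S_IMODE(s.st_mode), "i": lambda s: s.st_ino,
         "s": lambda s: s.st_size, "u": lambda s: s.st_uid,
         "g": lambda s: s.st_gid}

def covered(root, recurse=None):
    """Objects one rule covers. Depth 0 is root itself; recurse=None models a
    rule without the attribute (whole tree). Symlinks are never followed."""
    paths, stack = [], [(root, 0)]
    while stack:
        path, depth = stack.pop()
        paths.append(path)
        at_limit = recurse is not None and depth >= recurse
        if not at_limit and os.path.isdir(path) and not os.path.islink(path):
            stack += [(os.path.join(path, n), depth + 1) for n in os.listdir(path)]
    return sorted(paths)

def snapshot(root, mask="pisug", recurse=None):
    """Record the masked properties of every covered object."""
    return {p: tuple(PROPS[c](os.lstat(p)) for c in mask)
            for p in covered(root, recurse)}

def violations(old, new, mask="pisug"):
    """Map each differing path to its changed letters, 'added' or 'removed'."""
    report = {}
    for p in sorted(set(old) | set(new)):
        if p not in old or p not in new:
            report[p] = "added" if p in new else "removed"
        else:
            changed = "".join(c for c, a, b in zip(mask, old[p], new[p]) if a != b)
            if changed:
                report[p] = changed
    return report

def demo(recurse):
    """Constructed tree root/a and root/sub/b; then chmod a and grow sub/b."""
    with tempfile.TemporaryDirectory() as root:
        a, b = os.path.join(root, "a"), os.path.join(root, "sub", "b")
        os.mkdir(os.path.dirname(b))
        for f in (a, b):
            open(f, "w").close()
            os.chmod(f, 0o644)
        before = snapshot(root, recurse=recurse)
        os.chmod(a, 0o600)   # permission change on a top-level file
        os.truncate(b, 4)    # size change one level further down
        after = snapshot(root, recurse=recurse)
        return {os.path.relpath(p, root): v for p, v in violations(before, after).items()}
```

In this model demo(0) reports nothing, demo(1) reports only the permission change on a, and demo(None) also reports the size change in sub/b, so a recurse limit leaves everything below it unmonitored.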

It's actually quite likely that
you'll need to modify the policy. The default policy
supplied with Tripwire is tailored to a specific type of system or
Linux distribution, and contains a number of files not necessarily
present on yours.


1.12.4 See Also


The Tripwire manual has detailed documentation on the policy file
format.
