#install package
apt-get -y install tripwire
#generate keys
twadmin --generate-keys --local-keyfile /etc/tripwire/$(HOSTNAME)-local.key
twadmin --generate-keys --site-keyfile /etc/tripwire/site.key
#create config and policy file
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt
# init database
tripwire --init
#check
tripwire --check --quiet --email-report >/var/log/tripware.log
tripwire --check --quiet --email-report --email-report-level 1 >/var/log/tripware.log
# backup and remove *.txt config file !!!
# edit cron file for email report
vi /etc/cron.d/tripware
>30 3 * * 1-6 root test -x /usr/sbin/tripwire && /usr/sbin/tripwire --check --quiet --email-report --email-report-level 1 >/var/log/tripware.log
>30 3 * * 0 root test -x /usr/sbin/tripwire && /usr/sbin/tripwire --check --quiet --email-report --email-report-level 4 >/var/log/tripware.log
#
rm -f /etc/cron.daily/tripwire
# update policy
tripware --update-policy --secure-mode low /etc/tripwire/twpol.txt
Подписаться на:
Комментарии к сообщению (Atom)
0 коммент.:
Отправить комментарий