-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 07 Oct 2003 09:34:29 -0400, Edward Croft wrote:
> Okay, I have been beating my head regarding tripwire. First off, let me
> thank Bret Hughes for his twpolclean.pl. That decreased my error count
> due to files not on the syst
Okay, I have been beating my head regarding tripwire. First off, let me
thank Bret Hughes for his twpolclean.pl. That decreased my error count
due to files not on the system.
My question though has to do with the Change Time. I back up my systems
every night and that appears to change a time. I
On Fri, 2003-10-03 at 07:57, Edward Croft wrote:
> I have been trying to get tripwire configured, but because I run nightly
> backups I get warnings due to time changes on files. I have added the -a
> which I thought was to ignore access times, but I still get it. It makes
> tri
I have been trying to get tripwire configured, but because I run nightly
backups I get warnings due to time changes on files. I have added the -a
which I thought was to ignore access times, but I still get it. It makes
tripwire almost useless as it reports over 2000 errors. Most of the
errors are
On Wed, 2003-10-01 at 09:34, Leonard Miller wrote:
> I'm one step ahead of you Bret.
>
Not anymore! see the new version at
http://www.elevating.com/bret/twpolclean.pl
and one you can actually read online at
http://www.elevating.com/bret/twpolclean.pl.txt
#
# changelog
#
# 2003-10-1 [EMAI
;
> >Bret
> >
> >
> >
> >
> Hi Bret,
>
> Thanks. That I do appreciate!!! Will this script go in to the
> twpol.txt and edit it for cleaning up any of the files and maybe damons
> that are not being used? I found the tripwire page and followed their
y of the files and maybe damons
that are not being used? I found the tripwire page and followed their
instructions up to the point of going in and cleaning out the twpol.txt
file. It was late last night when I did this and I have not had a
chance to get back to it yet. Again Thanks for the scrip
On Wed, 2003-10-01 at 09:15, Bret Hughes wrote:
> On Wed, 2003-10-01 at 07:04, Steve Gonzales wrote:
> > Hi, Lee.
> >
> > You have to initialize the tripwire database by going into /etc/tripwire
> > and running ./twinstall.sh. I'm not too up on tripwire, but
On Wed, 2003-10-01 at 07:04, Steve Gonzales wrote:
> Hi, Lee.
>
> You have to initialize the tripwire database by going into /etc/tripwire
> and running ./twinstall.sh. I'm not too up on tripwire, but that
> command should stop the emails.
>
The default twpol.txt h
> You have to initialize the tripwire database by going into /etc/tripwire
> and running ./twinstall.sh. I'm not too up on tripwire, but that
> command should stop the emails.
>
> HIH!
> --
> Steven C. Gonzales, RHCE, MCSE
> Louisiana State University[EMAIL P
Hi, Lee.
You have to initialize the tripwire database by going into /etc/tripwire
and running ./twinstall.sh. I'm not too up on tripwire, but that
command should stop the emails.
HIH!
--
Steven C. Gonzales, RHCE, MCSE
Louisiana State University [EMAIL PROTECTED]
Divisi
Ian Mortimer wrote:
I'm running RH9 with all the latest updates. I have been noticeing in
mail to root about Tripwire. Is Tripwire automaticly setup when
installing RH or do you have to set it up after installing?
You have to set it up:
cd /etc/tripwire
vi twpo
> I'm running RH9 with all the latest updates. I have been noticeing in
> mail to root about Tripwire. Is Tripwire automaticly setup when
> installing RH or do you have to set it up after installing?
You have to set it up:
cd /etc/tripwire
vi twpol.txt # cust
Hi All,
One quick dumb newbie question, especially since I am still a newbie!!
I'm running RH9 with all the latest updates. I have been noticeing in
mail to root about Tripwire. Is Tripwire automaticly setup when
installing RH or do you have to set it up after installing? I have
fi
On Fri, 2003-08-15 at 17:06, Michael Schwendt wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 15 Aug 2003 16:44:41 -0400, Edward Croft wrote:
>
> > > > I have tripwire installed on all my servers, yet it is useless because I
> > > >
On Fri, 2003-08-15 at 14:06, Michael Schwendt wrote:
> That would be a very paranoid setting and only appropriate for special
> files which should not be accessed by anyone.
In that case you should probably just delete them
--
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 15 Aug 2003 16:44:41 -0400, Edward Croft wrote:
> > > I have tripwire installed on all my servers, yet it is useless because I
> > > backup the servers and that changes the timestamps so that tripwire
> > > reports
On Fri, 2003-08-15 at 15:58, Michael Schwendt wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 15 Aug 2003 12:31:26 -0400, Edward Croft wrote:
>
> > I have tripwire installed on all my servers, yet it is useless because I
> > backup the servers and tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 15 Aug 2003 12:31:26 -0400, Edward Croft wrote:
> I have tripwire installed on all my servers, yet it is useless because I
> backup the servers and that changes the timestamps so that tripwire
> reports the files.
I don't understa
I have tripwire installed on all my servers, yet it is useless because I
backup the servers and that changes the timestamps so that tripwire
reports the files. Instead of one or two accesses, I get thousands. I
have read through the documentation and thought I had changed it to fix
it, but the
On 9 Jun 2003, Patrick Nelson wrote:
> Although this may be correct... If you really plan to utilize tripwire
> to monitor you system you need to edit the policy file to exactly match
> your system. The default policy is for a starting point to edit your
> policy to match your syste
On Sun, 2003-06-08 at 12:08, Todd A. Jacobs wrote:
> I was curious to know if there was a good reason for not including the
> libexec directories in the default tripwire policy. It seems like a lot of
> critical binaries are stored there.
>
Although this may be correct... If you re
I was curious to know if there was a good reason for not including the
libexec directories in the default tripwire policy. It seems like a lot of
critical binaries are stored there.
--
The DMCA is anti-consumer. The RIAA has no right to rewrite copyright
laws to suit themselves.
--
redhat
> -Original Message-
> From: Michael Fratoni [mailto:[EMAIL PROTECTED]
> # tripwire -m p -Z low /etc/tripwire/twpol.txt
> Parsing policy file: /etc/tripwire/twpol.txt
> Please enter your local passphrase:
> Please enter your site passphrase:
> Policy Updat
Paul Greene wrote:
> Any tripwire gurus out there?
>
> I have two tripwire related questions that I hope are easy enough to
> answer.
>
> I recently installed tripwire on a Redhat 7.0 webserver using an RPM
> file, and ran the twinstall.sh script. Then I ran the fo
On Sun, 2003-03-30 at 19:26, Leonard Miller wrote:
> You have to edit the twpol.txt and twcfg.txt files and comment out
> everything that is in the report as missing. Then you have to
> re-initialze the database. There should be a quickstart.txt file in the
> /etc/tripwire directo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 30 March 2003 07:16 pm, Paul Greene wrote:
> Any tripwire gurus out there?
>
> I have two tripwire related questions that I hope are easy enough to
> answer.
>
> I recently installed tripwire on a Redhat 7.0 webserver u
You have to edit the twpol.txt and twcfg.txt files and comment out
everything that is in the report as missing. Then you have to
re-initialze the database. There should be a quickstart.txt file in the
/etc/tripwire directory. Then you can backup the /etc/tripwire and
/var/lib/tripwire
Any tripwire gurus out there?
I have two tripwire related questions that I hope are easy enough to answer.
I recently installed tripwire on a Redhat 7.0 webserver using an RPM
file, and ran the twinstall.sh script. Then I ran the following commands
to initialize the database and update the
On Thu, Mar 20, 2003 at 04:46:30PM -0800, mike Hughes wrote:
> Whats Up!
>
> think they are suppose to be there???
>
> "/var/log/snort/206.204.10.200"
> "/var/log/snort/206.204.10.200/ICMP_ECHO"
> "/var/log/snort/206.204.10.200/TCP:4325-1080"
> "/var/log/snort/206.204.10.200/TCP:5097-1080"
> "/va
mike Hughes said:
> Whats Up!
>
> I have Bind9 and the snort 1.9.1 running on my Linux 7.3 machine. But
> "/var/log/snort/206.204.10.200"
> "/var/log/snort/206.204.10.200/ICMP_ECHO"
> // Queries. Duh.
> category queries { named_info; };
change from named_info; to null;
t
> -Original Message-
> From: mike Hughes
> Sent: Thursday, March 20, 2003 6:47 PM
> Subject: Bind and Snort filling up LOGs and Tripwire!
>
>
> Whats Up!
>
> I have Bind9 and the snort 1.9.1 running on my Linux 7.3
> machine. But these 2 programs runnin
Whats Up!
I have Bind9 and the snort 1.9.1 running on my Linux 7.3 machine. But these
2 programs running are filling up my /var/log/messages and my TRIPWIRE
reports logs. here is an example of what im talking about:I get these
messages in mmy TRIPWIRE reports and /var/log/messages file(its all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 04 February 2003 08:10 pm, Tasha Smith wrote:
[snip]
> Ok my problem is when tripwire sends a report with still a lot of stuff
> that i dont want
>
> it to
>
> check like:
>
> "/root/.mozilla/default/5w5t16dp
I don't know the depth of Tripwire setting. But I didn't have problem when I
set it up with RH8.0 reffering to RedHat's refference manual. It might help
you too. The doc for RH7.3 is below:
http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/
Good luck!
Tos
Hiii,
Im running RedHat 7.3(2.4.20) And tripwire-2.3-47. I set it up using this tutorial
which i think is the easiest to understand and the best one i found
http://www.linuxsecurity.com/feature_stories/tripwire-2.html for anyone else who
needs a lil help'
Ok my problem is when tripwire se
I have been upgrading a lot of machines lately and found myself wading
through lists of files not found as I was getting tripwire setup using
the default policy file distributed with RHL 7.3 So I wrote the perl
script below and thought I would share it with the world.
It is almost too simple
I am setting up two new machines and wanting to run tripwire, I thought
it was time to fix the policy that sends violation reports for all the
logs that change. I am not sure if the issue it that they get added to
or if it is due to logrotate.
What do you folks that run tripwire do to elliminate
Monday 02 December 2002 10:16 am, you did posit:
> > -Original Message-
> > From: Allen Wayne Best [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, November 29, 2002 1:27 AM
> > To: [EMAIL PROTECTED]
> > Subject: Tripwire Report via Mail
> >
> >
>
> -Original Message-
> From: Allen Wayne Best [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 29, 2002 1:27 AM
> To: [EMAIL PROTECTED]
> Subject: Tripwire Report via Mail
>
>
> hi all:
>
> i am having a most curious problem with tripwire on one of my
On Friday 29 November 2002 14:35, Jonathan Gaudette wrote:
> Can you manually send an e-mail from the tripwire machine to the e-mail
> address you want to send the e-mail's to (ie, with the 'mail' command).
>
> Have you checked your logs to see for any error messages? D
Can you manually send an e-mail from the tripwire machine to the e-mail
address you want to send the e-mail's to (ie, with the 'mail' command).
Have you checked your logs to see for any error messages? Do you
receive any type of error messages when you run tripwire manually?
-Jo
hi all:
i am having a most curious problem with tripwire on one of my servers. it
will not mail the report to the GLOBALEMAIL recepient. the server and
workstations work fine. the two servers are near identical, one being the
fall back for the other. their configuration files (twcfg.txt) are
I was hoping someone could give me some input on tripwire? I
have redhat servers that do IDS, DNS, and webserver. What would you do as far
as tripwire goes? Should I run it on all of them? Just the dns and webserver?
Any thoughts would be helpful. Thanks in advance.
I was also having
I have tripwire-2.3.1-10 installed on RH 7.3 and have tested the email functionality
in Tripwire by running "/usr/sbin/tripwire --test --email [EMAIL PROTECTED]". The
problem I am having is when an integrity check ("/usr/sbin/tripwire --check") runs and
finds a violation
I am really curious as to why there is no cron.daily script installed by
your rpm. what does
rpm -ql tripwire |grep cron
show?
Here is what mine looks like:
[bhughes@bru1 bhughes]$ rpm -ql tripwire |grep cron
/etc/cron.daily/tripwire-check
[bhughes@bru1 bhughes]$
I get nervous when
f an "old hand", mind you) on the
list, I think it's important to show what's doing what. I felt this was a
bit muddy in some messages.
> What good is updating and maintaining security if you were
> compromised three months ago and didn't know it? Tripwire and monitoring
&
At 03:06 21.10.2002, linux power said:
[snip]
>How to start tripwire from cron.daily?
>I've just installed tripwire but it does not
>appear in cron.daily.
>How do I apply that?
[snip]
You need to
Thank you very much.
I had to use your shell script.
--- Ernest E Vogelsinger <[EMAIL PROTECTED]>
skrev: > At 03:06 21.10.2002, linux power said:
> [snip]
> >How to start tripwire from cron.daily?
> >I've just installed tripw
I installed from rpm and it isent there.
--- Michael Fratoni <[EMAIL PROTECTED]>
skrev: > -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Sunday 20 October 2002 09:06 pm, linux power
> wrote:
> > How to start tripwire from cron.daily?
> > I've j
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 20 October 2002 09:06 pm, linux power wrote:
> How to start tripwire from cron.daily?
> I've just installed tripwire but it does not
> appear in cron.daily.
> How do I apply that?
Did you install tripwire via an rpm p
How to start tripwire from cron.daily?
I've just installed tripwire but it does not
appear in cron.daily.
How do I apply that?
=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
__
Se den nye Yahoo! Mail på http://no.yahoo.com/
+++ [EMAIL PROTECTED] [RedHat] [Fri, Oct 18, 2002 at 02:42:25PM -0700]:
> Sorry, First time with linux/redhat this week. Where do I locate the
> log files that you guys have been talking about?
You'll find many logs to watch in /var/log/. Messages is a very common log
file where many programs wi
Sorry. My fault.
Anyway. So many thanks for your answers.
Ernest E Vogelsinger <[EMAIL PROTECTED]> wrote:
At 14:30 19.10.2002, linux power said:[snip]>I dont know how to read it. Its encrypted.[snip] Hey - I already to
At 14:30 19.10.2002, linux power said:
[snip]
>I dont know how to read it. Its encrypted.
[snip]
Hey - I already told you in the same mail:
>> twprint -m r -r |less
>O Ernest E. Vogelsinger
(\)
I dont know how to read it. Its encrypted.
--- Ernest E Vogelsinger <[EMAIL PROTECTED]>
skrev: > At 21:53 18.10.2002, linux power said:
> [snip]
> >I'am new to tripwire so I dont know exactly how to
> use
> >it. I have buil
Thank you very much for the answers.
--- Ernest E Vogelsinger <[EMAIL PROTECTED]>
skrev: > At 21:53 18.10.2002, linux power said:
> [snip]
> >I'am new to tripwire so I dont know exactly how to
> use
> >it. I have buil
On Fri, 2002-10-18 at 13:01, linux power wrote:
> The problem when I got hacked were that the firewall
> logging is turned off,and I'am not able to turn it on
> because --log-prefix /var/log/firewall in the iptables
> is no longer recognized as a valid path, so no
> logging. I got a warning about i
On Fri, Oct 18, 2002 at 09:53:29PM +0200, linux power wrote:
> I'am new to tripwire so I dont know exactly how to use
> it. I have build the databse with tripwire -m i
> and tried the check with tripwire -m c
> But when I ran tripwire -m u I got an error message
> about a
been changed and I dont know
which. It happend before I installed tripwire, and I
have tried other paths, but the same warning.
--- Andrew MacKenzie <[EMAIL PROTECTED]> skrev: > +++
Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at
> 12:12:33PM +0200]:
> > On Fri, Oct 18, 2002 at
Please recommend a excellent firewall .
On Friday, October 18, 2002, at 03:25 PM, Mitchell Wright wrote:
On 10/18/02 4:31 PM, "Javier Gostling" <[EMAIL PROTECTED]> wrote:
On Fri, Oct 18, 2002 at 09:53:29PM +0200, linux power wrote:
I'am new to tripwire so I dont kn
At 21:53 18.10.2002, linux power said:
[snip]
>I'am new to tripwire so I dont know exactly how to use
>it. I have build the databse with tripwire -m i
>and tried the check with tripwire -m c
>But when I ran tripwire -m u I got an error mess
On 10/18/02 4:31 PM, "Javier Gostling" <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 18, 2002 at 09:53:29PM +0200, linux power wrote:
>
>> I'am new to tripwire so I dont know exactly how to use
>> it. I have build the databse with tripwire -m i
>> and tri
:46AM +0100, Nick Lindsell wrote:
The Tripwire documentation suggests that the database be
held on a floppy which is then write-protected - should
prevent a blackhat getting to it.
Ok, so lets say I have the original Tripwire DB on a read-only medium
(CD-ROM would work, too, I suppose). But it still
I'am new to tripwire so I dont know exactly how to use
it. I have build the databse with tripwire -m i
and tried the check with tripwire -m c
But when I ran tripwire -m u I got an error message
about a file it couldnt find.
Also I dont know how the intruder detection works.I
even know if tri
+++ Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at 12:12:33PM +0200]:
> On Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:
> > The Tripwire documentation suggests that the database be
> > held on a floppy which is then write-protected - should
> > prevent a b
On Vie 18 Oct 2002 16:01, Bret Hughes wrote:
> On Fri, 2002-10-18 at 11:26, linux power wrote:
> > Its easy for a hacker to find out if you have tripwire installed and then
> > locate the database file and then delete it.
>
> Which in and of itself provides one of the
On Fri, 2002-10-18 at 11:26, linux power wrote:
>
> Its easy for a hacker to find out if you have tripwire installed and then locate the
> database file and then delete it.
Which in and of itself provides one of the main functions of the
service. Intrusion Dectection. I have not be
Thanks for the info Jason. I've once ran portsentry and ipchains when I was a very
new newbie.Now I'am only newbie. But at that time I'll never understood how it worked.
Jason Costomiris <[EMAIL PROTECTED]> wrote:
On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:: Further, I've been
Its easy for a hacker to find out if you have tripwire installed and then locate the
database file and then delete it.
Ernest E Vogelsinger <[EMAIL PROTECTED]> wrote:
> -Ursprungliche Nachricht-> Von: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]]Im Auftrag von Nick Lin
> -Ursprungliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:redhat-list-admin@;redhat.com]Im Auftrag von Nick Lindsell
> Gesendet: Freitag, 18. Oktober 2002 10:05
> An: [EMAIL PROTECTED]
> Betreff: Re: Tripwire (Re: Tonight I got hacked.)
>
> The Tripwire doc
On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:
: Further, I've been thinking about portsentry. What's the use of it?
You're not the only one who wonders this.
: If you
: have a firewall set up that's only allowing access to specifically defined
: ports from the outside on which
Changed the subject to keep it a bit more general - I still have a few
thoughts and questions... :-)
On Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:
> The Tripwire documentation suggests that the database be
> held on a floppy which is then write-protected - should
>
However if you have this _and_ are root _and have gained shell access you
_can_ update the tripwire database after making your changes. The only
thing a good sysop will notice, however, is the last modification time of
the tripwire database, and that possibly some items it had in alert state
At 09:25 18.10.2002, Thomas Ribbrock said:
[snip]
>On Thu, Oct 17, 2002 at 01:29:53PM -0700, Todd A. Jacobs wrote:
>[...]
>> - Install portsentry.
>> - Configure tripwire and READ the reports.
>> - Install logsen
On Thu, Oct 17, 2002 at 01:29:53PM -0700, Todd A. Jacobs wrote:
[...]
> - Install portsentry.
> - Configure tripwire and READ the reports.
> - Install logsentry and READ the reports.
[...]
The one thing I don't understand here is: How can these tools help against a
ded
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 15 August 2002 12:24 pm, Brian Lucas wrote:
> Great newbie question:
>
> I am interested in using tripwire on RH 7.2. I run tripwire --init and
> get an error indicating that my config file is bad. I just used
> twcfg.tx
Title: Tripwire Initialization
Great newbie question:
I am interested in using tripwire on RH 7.2. I run tripwire --init and get an error indicating that my config file is bad. I just used twcfg.txt as the config file (renaming it to tw.cfg). Is there a place I can setup this config file
John Horne wrote:
->>>>
Note, that I found under RH 7.2 (and 7.1 I think), that the email option
didn't work under that default installed tripwire rpm. I had to upgrade to
version 2.3.1-5 to get the option to work (not sure if RH released this as
an update or if
here is a reference to the profile files
>> email to entry but I could not find one in the profile. Looked at
>> tripwire.org site too... Anyone know how to do this?
>
> This is from the file:
>
> /etc/tripwire/twpol.cfg
>
># Email support is not included and mus
Carl Riches wrote:
->>>>
This is from the file:
/etc/tripwire/twpol.cfg
# Email support is not included and must be added to this file.
# #
# Add the 'emailto=' to the rule directive section of each rule (add a comma
# #
# after the 'severity='
; but I could not find one in the profile. Looked at tripwire.org site too...
> Anyone know how to do this?
>
>
This is from the file:
/etc/tripwire/twpol.cfg
# Email support is not included and must be added to this file. # #
# Add the 'emailto=' to the rule d
Anyone know how to change the email address that the daily (cron job) report
gets mailed to. I've search for this answer in the docs and man pages but
can not find it. There is a reference to the profile files email to entry
but I could not find one in the profile. Looked at tripwire.org site t
Hi All,
Had to manually "erase" all the tripwire files and directories. Did so
and reinstalled tripwire. Worked like a charm.
Thanks to all,
Bill
[EMAIL PROTECTED]
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE
have you run twinstall.sh ? That is where you create those passphrases.
I think it's in /etc/somewhere:
cd /etc
find . -name "twinstall.sh"
HTH
Billy R Nordyke wrote:
> Hi All,
>
> When I try to install tripwire it asks for the local passphrase. I've
> rea
Hi,
Yes, I'm running /etc/tripwire/twinstall.sh when tryking to "install" it.
Guess I better un-install and re-install it.
It'll take a while, I'll let you know.
Thanks
Bill
[EMAIL PROTECTED]
GET INTERN
On Mon, 25 Mar 2002, Billy R Nordyke wrote:
> Hi All,
>
> When I try to install tripwire it asks for the local passphrase. I've
> read the man pages but can't figure out how to set the passphrase. I've
> tried [root@localhost]#tripwire -I -P --local-pas
Hi All,
When I try to install tripwire it asks for the local passphrase. I've
read the man pages but can't figure out how to set the passphrase. I've
tried [root@localhost]#tripwire -I -P --local-passphrase and
various similar combinations. When I enter a passphrase when
Stephen,
I've been using tripwire on my system for years now. It's kind of
like having a fire extinguisher in your kitchen; you hope you never
have to use it, but you're glad it's there if you have a problem.
Tripwire is an Intrusion Detection System (IDS) that builds a d
Tripwire is designed for intrusion detection. ANY changes to the file
system can be detected, whether it's a deleted file, a newly created
file, or file that has been altered in some way. Tripwire is setup to
send out an email on a daily basis, giving you a full report on what'
The root user on my Linux hosts get an email message daily that reads:
/etc/cron.daily/tripwire-check:
Error: Tripwire database for slin01dx not found.
Run /etc/tripwire/twinstall.sh and/or tripwire --init.
The man page describes tripwire as "a file integrity ch
netstat -at will show what's open, just comment out whatever you don;t
want in inetd or xinetd. Tripwire is built for a RH 7.0 install of
"everything" so you'll have to edit the policy text file to comment out
the files you don't have and run twinstall.sh and tripwire
On Thu, May 03, 2001 at 08:08:28PM -0400, Devon wrote:
> >
> I'm not sure what version of Tripwire your running, but you should
> find some documentation in /usr/share/doc/tripwire-2.3.0/ (for the
> most recent release at any rate) You should also be able to find
> mor
On Thursday 03 May 2001 05:57 pm, Jeff Graves wrote:
>Also, I installed the rpm for tripwire but the documentation sucks
> (acutally, I couldn't find anything but comments in what I think were
> config files). The website tripwire.org didn't have anything either. Does
&
act, do that regularly; you never
know when the kiddies will get you again, and one of the nice things
about using nmap in addition to netstat is that they can't trojan nmap
on a box they haven't 0wn3d.
> I think I closed everything but I want to be
> sure. Also, I installed the
There's a lot of info in the man pages for tripwire. Essentially it is a
nifty way to tell if any of your files have changed. If they have, and it
wasn't by you, you know something is up. It's typically ran as a cron job
and you can have it email you what it finds.
-O
nt to be
sure. Also, I installed the rpm for tripwire but the documentation sucks
(acutally, I couldn't find anything but comments in what I think were config
files). The website tripwire.org didn't have anything either. Does anyone
know of any documents that can tell me exactly what the h
Once tripwire's setup and functioning, how can one change the site,
and local passwords?
--
W |
| I haven't lost my mind; it's backed up on tape somewhere.
|
~~~
On Wed, 17 Jan 2001, loren jan wilson wrote:
> check out the following. tripwire is being confused by it.
> (it's a real segfault...it doesn't say "segmentation fault" in the
> file.:)
> i'm running redhat 6.2 on a dell pentium III.
> how can i f
check out the following. tripwire is being confused by it.
(it's a real segfault...it doesn't say "segmentation fault" in the
file.:)
i'm running redhat 6.2 on a dell pentium III.
how can i fix this problem? and why is it happening?
[ljwilson@queens ljwilson]$ ca
1 - 100 of 116 matches
Mail list logo
