Full Discussion: Server has been compromised
Special Forums Cybersecurity Server has been compromised Post 302756691 by Neo on Wednesday 16th of January 2013 10:12:58 AM

Quote:
Originally Posted by franx47
Did the attacker exploit the /tmp or /dev? I don't know.
You should always run a cryptographic file system integrity checking system like tripwire on a daily basis.

Then, you could know what files have been compromised.
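As an added example of the kind of check Neo recommends (this is illustrative code, not Neo's and not Tripwire's), here is a minimal cryptographic file-integrity checker: it baselines a tree by recording permissions, owner, size, mtime and a SHA-256 of every inode, then compares a later snapshot and reports what was added, removed or changed. The property names, the `loose_directories` switch (which ignores the size and mtime of directories, in the spirit of Tripwire's LOOSEDIRECTORYCHECKING setting) and the scratch tree built in `demo()` are this example's own constructions.

```python
import hashlib
import json
import os
import stat
import tempfile

# Properties recorded per inode. They are the kind of attributes a Tripwire
# policy watches (permissions, owner, size, mtime, content hash); the field
# names are this example's own, not Tripwire's propertymask letters.
DIR_VOLATILE = ("size", "mtime")  # change legitimately when a directory gains/loses an entry


def _record(path):
    """Stat one path and hash it if it is a regular file."""
    st = os.lstat(path)
    rec = {
        "type": stat.S_IFMT(st.st_mode),
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
        "sha256": None,
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def snapshot(root):
    """Return {relative_path: record} for every directory and file under root."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = _record(full)
    return db


def save_baseline(db, path):
    """Persist the baseline. On a real host the baseline and the checker must live
    where an intruder cannot write (read-only media, a remote host), otherwise the
    baseline can simply be regenerated to match the tampered system."""
    with open(path, "w") as f:
        json.dump(db, f, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current, loose_directories=False):
    """Report added, removed and changed paths; 'changed' maps a path to the
    properties that differ. loose_directories=True skips size/mtime for directories."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        skip = DIR_VOLATILE if loose_directories and stat.S_ISDIR(old["type"]) else ()
        diffs = [k for k in old if k not in skip and old[k] != new.get(k)]
        if diffs:
            changed[path] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo(loose_directories=False):
    """Constructed scenario: baseline a scratch tree, then replace a binary, drop a
    hidden file and delete a file, as a post-compromise check would see it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "w") as f:
            f.write("original binary\n")
        with open(os.path.join(root, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        baseline = snapshot(root)
        with open(os.path.join(root, "bin", "ls"), "w") as f:
            f.write("trojaned binary!!\n")
        with open(os.path.join(root, "bin", ".hidden"), "w") as f:
            f.write("x")
        os.remove(os.path.join(root, "passwd"))
        return compare(baseline, snapshot(root), loose_directories)


if __name__ == "__main__":
    for path, props in demo()["changed"].items():
        print("changed:", path, props)
```

Run it daily from cron against a baseline stored off-box, and treat any unexplained entry in `changed` for system binaries (mode, owner or hash) as the first place to look, which is exactly the answer to "what files have been compromised" that the post asks for.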
TWCONFIG(4)                      Kernel Interfaces Manual                      TWCONFIG(4)

NAME
       twconfig - Tripwire configuration file reference

DESCRIPTION
       The configuration file stores system-specific information, including the location
       of Tripwire data files, and the settings used to send email notification. The
       configuration file settings are generated during the installation process, but can
       be changed by the system administrator at any time. The configuration file is
       signed with the site key, and the site passphrase is required to edit the file.

       During installation, a signed Tripwire configuration file tw.cfg will be created in
       the /etc/tripwire directory, and a plain text copy of this configuration file
       twcfg.txt will be created in the same directory.

       The configuration file is modified using the twadmin --create-cfgfile command. With
       this command, the user can designate an existing plain text file as the current
       configuration file. Using the current site key and passphrase, the new
       configuration file is cryptographically signed and saved with this command.

   Components of the Configuration File
       The Tripwire configuration file is structured as a list of keyword-value pairs, and
       may also contain comments and variable definitions. Any lines with "#" in the first
       column are treated as comments.

       The general syntax for variable definition is:

              keyword = value

       For example:

              ROOT   = /usr/tripwire
              EDITOR = /usr/local/bin/jove

       Variable substitution on the right hand side is permitted using the syntax:

              $( varname )

       For example:

              DBFILE = $(ROOT)/db/$(HOSTNAME).twd

       Variable names are case-sensitive, and may contain all alphanumeric characters,
       underscores, the characters "+-@:", and the period.

       Two variables are predefined in the configuration file, and may not be changed.
       HOSTNAME is the unqualified hostname that Tripwire is running on, and DATE is a
       string representation of the date and time.

   Required Variables
       The following variables must be set in order for Tripwire to operate. The values
       listed below are assigned during installation.

       POLFILE
              Default = /etc/tripwire/tw.pol

       DBFILE
              Default = /var/lib/tripwire/$(HOSTNAME).twd

       REPORTFILE
              Default = /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr

       SITEKEYFILE
              Default = /etc/tripwire/site.key

       LOCALKEYFILE
              Default = /etc/tripwire/$(HOSTNAME)-local.key

   Other Variables
       The following variables are not required to run Tripwire, but some of the
       program's functionality will be lost without them. The values assigned during
       installation are listed.

       EDITOR
              Specifies an editor to be used in interactive modes. If EDITOR is not
              defined, and no editor is specified on the command line, using interactive
              modes will cause an error.

              Initial value: /bin/vi

       TEMPDIRECTORY
              This variable can be set to the location to which tripwire should write its
              temporary files. By default it is /tmp, which due to the default permissions
              can be very insecure. It is recommended that you use this configuration
              variable to provide tripwire with a secure place to write temporary files.
              The directory used should have its permissions set such that only the owning
              process can read/write to it, i.e. "chmod 700".

              Initial value: /tmp

       GLOBALEMAIL
              This variable is set to a list of email addresses separated by either a
              comma "," or semi-colon ";". If a report would have normally been sent out,
              it will also be sent to this list of recipients.

              Initial value: none

       LATEPROMPTING
              Prompt for passphrase as late as possible to minimize the amount of time
              that the passphrase is stored in memory. If the value is true
              (case-sensitive), then late prompting is turned on. With any other value, or
              if the variable is removed from the configuration file, late prompting is
              turned off.

              Initial value: false

       LOOSEDIRECTORYCHECKING
              When a file is added or removed from a directory, Tripwire reports both the
              changes to the file itself, and the modification to the directory (size,
              num links, etc.). This can create redundant entries in Tripwire reports.
              With loose directory checking, Tripwire will not check directories for any
              properties that would change when a file was added or deleted. This
              includes: size, number of links, access time, change time, modification
              time, number of blocks, growing file, and all hashes.

              If the value for this variable is true (case-sensitive), then loose
              directory checking is turned on, and these properties will be ignored for
              all directories. With any other value, or if the variable is removed from
              the configuration file, loose directory checking is turned off. Turning
              loose directory checking on is equivalent to appending the following
              propertymask to the rules for all directory inodes:

                     -snacmblCMSH

              Initial value: false

       SYSLOGREPORTING
              If this variable is set to true, messages are sent to the syslog for four
              events: database initialization, integrity check completions, database
              updates, and policy updates. The syslog messages are sent from the "user"
              facility at the "notice" level. For more information, see the syslogd(1)
              man page and the syslog.conf file.

              The following illustrates the information logged in the syslog for each of
              the four events:

                     Jun 18 14:09:42 lighthouse tripwire[9444]: Database initialized: /var/lib/tripwire/test.twd
                     Jun 18 14:10:57 lighthouse tripwire[9671]: Integrity Check Complete: TWReport lighthouse 20000618141057 V:2 S:90 A:1 R:0 C:1
                     Jun 18 14:11:19 lighthouse tripwire[9672]: Database Update Complete: /var/lib/tripwire/test.twd
                     Jun 18 14:18:26 lighthouse tripwire[9683]: Policy Update Complete: /var/lib/tripwire/test.twd

              The letters in the Integrity Checking log correspond to # of violations,
              maximum severity level, and # of files added, deleted, and changed,
              respectively.

              With any value other than true, or if this variable is removed from the
              configuration file, syslog reporting will be turned off.

              Initial value: true

       REPORTLEVEL
              Specifies the default level of report produced by the twprint
              --print-report mode. Valid values for this option are 0 to 4. The report
              level specified by this option can be overridden with the (-t or
              --report-level) option on the command line. If this variable is not
              included in the configuration file, the default report level is 3.

              Note that only reports printed using the twprint --print-report mode are
              affected by this parameter; reports displayed by other modes and other
              commands are not affected.

              Initial value: 3

   Email Notification Variables
       MAILMETHOD
              Specifies the protocol to be used by Tripwire for email notification. The
              only acceptable values for this field are SMTP or SENDMAIL. Any other value
              will produce an error message.

              Initial value: SENDMAIL

       SMTPHOST
              Specifies the domain name or IP address of the SMTP server used for email
              notification. Ignored unless MAILMETHOD is set to SMTP.

              Initial value: mail.domain.com

       SMTPPORT
              Specifies the port number used with SMTP. Ignored unless MAILMETHOD is set
              to SMTP.

              Initial value: 25

       MAILPROGRAM
              Specifies the program used for email reporting of rule violations if
              MAILMETHOD is set to SENDMAIL. The program must take an RFC822 style mail
              header, and recipients will be listed in the "To:" field of the mail
              header. Some mail programs interpret a line consisting of only a single
              period character to mean end-of-input, and all text after that is ignored.
              Since there is a small possibility that a Tripwire report would contain
              such a line, the mail program specified must be able to ignore lines that
              consist of a single period (the -oi option to sendmail produces this
              behavior).

              Initial value: /usr/lib/sendmail -oi -t

       EMAILREPORTLEVEL
              Specifies the default level of report produced by the tripwire --check mode
              email report. Valid values for this option are 0 to 4. The report level
              specified by this option can be overridden with the (-t or
              --email-report-level) option on the command-line. If this variable is not
              included in the configuration file, the default report level is 3.

              Initial value: 3

       MAILNOVIOLATIONS
              This option controls the way that Tripwire sends email notification if no
              rule violations are found during an integrity check. If MAILNOVIOLATIONS
              is set to false and no violations are found, Tripwire will not send a
              report.

              With any other value, or if the variable is removed from the configuration
              file, Tripwire will send an email message stating that no violations were
              found. Mailing reports of no violations allows an administrator to
              distinguish between unattended integrity checks that are failing to run
              and integrity checks that are running but are not finding any violations.
              However, mailing no violations reports will increase the amount of data
              that must be processed.

              Initial value: true

VERSION INFORMATION
       This man page describes Tripwire 2.4.

AUTHORS
       Tripwire, Inc.

COPYING PERMISSIONS
       Permission is granted to make and distribute verbatim copies of this man page
       provided the copyright notice and this permission notice are preserved on all
       copies.

       Permission is granted to copy and distribute modified versions of this man page
       under the conditions for verbatim copying, provided that the entire resulting
       derived work is distributed under the terms of a permission notice identical to
       this one.

       Permission is granted to copy and distribute translations of this man page into
       another language, under the above conditions for modified versions, except that
       this permission notice may be stated in a translation approved by Tripwire, Inc.

       Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc.
       in the United States and other countries. All rights reserved.

SEE ALSO
       twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8), twpolicy(4),
       twfiles(5), sendmail(1), vi(1), syslogd(1)

                                     1 July 2000                              TWCONFIG(4)
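The twconfig(4) text above describes a small language (keyword = value lines, "#" comments, $(var) substitution with two predefined variables) plus a set of constraints on the values, and a fixed syslog line format for integrity-check completions. The following is an added example, not part of the man page and not Tripwire's own code: a parser for that file format with the constraints from the man page applied as a review pass (required keys present, MAILMETHOD valid, report levels in 0-4, TEMPDIRECTORY not left at /tmp, MAILNOVIOLATIONS not silencing failed runs), plus a decoder for the V/S/A/R/C counters in the "Integrity Check Complete" syslog line. The DATE format used for $(DATE) (YYYYMMDDhhmmss) is an assumption taken from the report name in the man page's syslog sample, and the sample configuration is a constructed one modelled on the listed defaults.

```python
import re
import socket
import time

# Predefined by Tripwire and not settable from the file; required keys per twconfig(4).
PREDEFINED = ("HOSTNAME", "DATE")
REQUIRED = ("POLFILE", "DBFILE", "REPORTFILE", "SITEKEYFILE", "LOCALKEYFILE")
# $( varname ): names may contain alphanumerics, "_", "+-@:" and ".", per the man page.
VAR_RE = re.compile(r"\$\(\s*([A-Za-z0-9_+\-@:.]+)\s*\)")
# Layout of the "Integrity Check Complete" syslog line shown in the man page.
CHECK_RE = re.compile(
    r"tripwire\[(?P<pid>\d+)\]: Integrity Check Complete: TWReport (?P<host>\S+) "
    r"(?P<report>\d+) V:(?P<v>\d+) S:(?P<s>\d+) A:(?P<a>\d+) R:(?P<r>\d+) C:(?P<c>\d+)"
)


def parse_twconfig(text, hostname=None, date=None):
    """Parse 'keyword = value' lines into a dict, expanding $(var) references as they
    are met. A '#' in column one marks a comment. HOSTNAME and DATE are injected and
    may not be reassigned. The DATE format is this example's assumption."""
    cfg = {
        "HOSTNAME": hostname if hostname is not None else socket.gethostname().split(".")[0],
        "DATE": date if date is not None else time.strftime("%Y%m%d%H%M%S"),
    }
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue
        if "=" not in raw:
            raise ValueError(f"line {lineno}: expected 'keyword = value'")
        key, value = (part.strip() for part in raw.split("=", 1))
        if key in PREDEFINED:
            raise ValueError(f"line {lineno}: {key} is predefined and cannot be set")

        def expand(m):
            name = m.group(1)
            if name not in cfg:
                raise ValueError(f"line {lineno}: undefined variable $({name})")
            return cfg[name]

        cfg[key] = VAR_RE.sub(expand, value)
    return cfg


def validate_twconfig(cfg):
    """Return the problems a reviewer would flag before signing this file with twadmin."""
    problems = []
    for key in REQUIRED:
        if key not in cfg:
            problems.append(f"required variable {key} is missing")
    if cfg.get("MAILMETHOD", "SENDMAIL") not in ("SMTP", "SENDMAIL"):
        problems.append(f"MAILMETHOD must be SMTP or SENDMAIL, not {cfg['MAILMETHOD']!r}")
    if cfg.get("MAILMETHOD") == "SMTP" and cfg.get("SMTPHOST", "mail.domain.com") == "mail.domain.com":
        problems.append("SMTPHOST still has the placeholder value mail.domain.com")
    for key in ("REPORTLEVEL", "EMAILREPORTLEVEL"):
        if key in cfg and cfg[key] not in ("0", "1", "2", "3", "4"):
            problems.append(f"{key} must be 0-4, not {cfg[key]!r}")
    if cfg.get("TEMPDIRECTORY", "/tmp") == "/tmp":
        problems.append("TEMPDIRECTORY is /tmp; point it at a directory with mode 0700")
    if cfg.get("MAILNOVIOLATIONS", "true") == "false":
        problems.append("MAILNOVIOLATIONS=false: a check that silently fails to run looks like a clean one")
    return problems


def parse_integrity_check(line):
    """Decode the V/S/A/R/C counters of an 'Integrity Check Complete' syslog line,
    or return None for any other line."""
    m = CHECK_RE.search(line)
    if not m:
        return None
    return {
        "pid": int(m["pid"]), "host": m["host"], "report": m["report"],
        "violations": int(m["v"]), "max_severity": int(m["s"]),
        "added": int(m["a"]), "removed": int(m["r"]), "changed": int(m["c"]),
    }


# Constructed sample, modelled on the defaults listed in twconfig(4).
SAMPLE_CFG = """\
# Tripwire configuration (constructed example)
ROOT          = /usr/tripwire
POLFILE       = /etc/tripwire/tw.pol
DBFILE        = /var/lib/tripwire/$(HOSTNAME).twd
REPORTFILE    = /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
SITEKEYFILE   = /etc/tripwire/site.key
LOCALKEYFILE  = /etc/tripwire/$(HOSTNAME)-local.key
EDITOR        = /bin/vi
TEMPDIRECTORY = /tmp
MAILMETHOD    = SENDMAIL
MAILPROGRAM   = /usr/lib/sendmail -oi -t
REPORTLEVEL   = 3
"""

# The syslog sample line from the man page.
SAMPLE_SYSLOG = ("Jun 18 14:10:57 lighthouse tripwire[9671]: Integrity Check Complete: "
                 "TWReport lighthouse 20000618141057 V:2 S:90 A:1 R:0 C:1")

if __name__ == "__main__":
    cfg = parse_twconfig(SAMPLE_CFG, hostname="lighthouse", date="20000618141057")
    print(cfg["REPORTFILE"])
    print(validate_twconfig(cfg))
    print(parse_integrity_check(SAMPLE_SYSLOG))
```

The validation list is the useful part for a defender: the man page itself says /tmp "can be very insecure" and that MAILNOVIOLATIONS exists so a check that never ran can be told apart from a clean one, and the syslog decoder lets a log pipeline alert on `violations > 0` or on the absence of any completion line for a host.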
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.