之后会再要你输入正确的 site pass phrase， 此时会对 twpol.txt 及 twcfg.txt 分别进行加密处理， 由原始文本文件产生 tw.pol 及 tw.cfg。过程如附图所示： [root@localhost tripwire]# ./twinstall.sh

----------------------------------------------

The Tripwire site and local passphrases are used to

sign a variety of files, such as the configuration,

policy, and database files.

Passphrases should be at least 8 characters in length

and contain both letters and numbers.

See the Tripwire manual for more information.

----------------------------------------------

Creating key files...

(When selecting a passphrase, keep in mind that good passphrases typically

have upper and lower case letters, digits and punctuation marks, and are

at least 8 characters in length.)

Enter the site keyfile passphrase:

Verify the site keyfile passphrase:

Generating key (this may take several minutes)...Key generation complete.

(When selecting a passphrase, keep in mind that good passphrases typically

have upper and lower case letters, digits and punctuation marks, and are

at least 8 characters in length.)

Enter the local keyfile passphrase:

Verify the local keyfile passphrase:

Generating key (this may take several minutes)...Key generation complete.

----------------------------------------------

Signing configuration file...

Please enter your site passphrase:

Wrote configuration file: /etc/tripwire/tw.cfg

A clear-text version of the Tripwire configuration file

/etc/tripwire/twcfg.txt

has been preserved for your inspection.  It is recommended

that you delete this file manually after you have examined it.

----------------------------------------------

Signing policy file...

Please enter your site passphrase:

Wrote policy file: /etc/tripwire/tw.pol

A clear-text version of the Tripwire policy file

/etc/tripwire/twpol.txt

has been preserved for your inspection.  This implements

a minimal policy, intended only to test essential

Tripwire functionality.  You should edit the policy file

to describe your system, and then use twadmin to generate

a new signed copy of the Tripwire policy.

You have new mail in /var/spool/mail/root

在 twinstall.sh 执行完毕后，建议把 twpol.txt 及 twcfg.txt 这两个文本文件删除或移至别处。

8.       执行 tripwire -m i 来建立指纹数据库，它会要求你输入 local pass phase。

[root@localhost tripwire]# tripwire -m i

Please enter your local passphrase:

Parsing policy file: /etc/tripwire/tw.pol

Generating the database...

*** Processing Unix File System ***

### Warning: File system error.

### Filename: /proc/scsi

### No such file or directory

### Continuing...

### Warning: File system error.

### Filename: /usr/sbin/fixrmtab

### No such file or directory

### Continuing...

Wrote database file: /var/lib/tripwire/localhost.localdomain.twd

The database was successfully generated.

You have new mail in /var/spool/mail/root

9.       或许你怀疑 tripwire 真的能侦测出文件最细微的改变吗？ 以下来做个实验，我们把 /etc/group 中第一行第二个字段的『x』改成『X』：

上一页  [1] [2] [3] [4] [5] [6]  下一页