NAME¶
twfiles - overview of files used by
Tripwire and file backup process
DESCRIPTION¶
Configuration File¶
default: /etc/tripwire/tw.cfg
The configuration file stores system-specific information, such as the location
of
Tripwire data files. The configuration settings are generated during
the installation process, but can be changed by the system administrator at
any time. See the
twconfig(4) man page for a more complete discussion.
Policy File¶
default: /etc/tripwire/tw.pol
The policy file consists of a series of rules specifying the system objects that
Tripwire should monitor, and the data for each object that should be
collected and stored in the database file. Should unexpected changes occur,
the policy file can describe the person to be notified and the severity of the
violation. See the
policyguide.txt file in the policy directory and the
twpolicy(4) man page for a more complete discussion.
Database File¶
default: /var/lib/$(HOSTNAME).twd
The database file serves as the baseline for integrity checking. After
installation,
Tripwire creates the initial database file, a
"snapshot" of the filesystem in a known secure state. Later, when an
integrity check is run,
Tripwire compares each system object described
in the policy file against its corresponding entry in the database. A report
is created, and if an object has changed outside of constraints defined in the
policy file, a violation is reported. See the
tripwire(8) and
twprint(8) man pages for more information on creating and maintaining
database files.
Report Files¶
default: /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
Once the above three files have been created,
Tripwire can run an
integrity check and search for any differences between the current system and
the data stored in the "baseline"
Tripwire database. This
information is archived into report files, a collection of rule violations
discovered during an integrity check. With the appropriate settings, a report
can also be emailed to one or more recipients. See the
tripwire(8) and
twprint(8) man pages for information on creating and printing report
files.
Key Files¶
defaults: /etc/tripwire/site.key and
/etc/tripwire/$(HOSTNAME)-local.key
It is critical that
Tripwire files be protected from unauthorized
access‐‐an attacker who is able to modify these files can
subvert
Tripwire operation. For this reason, all of the above files are
signed using public key cryptography to prevent unauthorized modification. Two
separate sets of keys protect critical
Tripwire data files. One or both
of these key sets is necessary for performing almost every
Tripwire
task.
The site key is used to protect files that could be used across several systems.
This includes the policy and configuration files. The local key is used to
protect files specific to the local machine, such as the
Tripwire
database. The local key may also be used for signing integrity check reports.
See the
twadmin(8) man page for more information on keys.
File Backup¶
To prevent the accidental deletion of important data,
Tripwire
automatically creates backup files whenever any
Tripwire file is
overwritten. The existing file will be renamed with a
.bak extension,
and the new version of the file will take its place. Only one backup copy for
each filename can exist at any time. If a backup copy of a file already
exists, the older backup file will be deleted and replaced with the newer one.
File backup is an integral part of
Tripwire, and cannot be removed or
changed.
This man page describes
Tripwire 2.4.
AUTHORS¶
Tripwire, Inc.
COPYING PERMISSIONS¶
Permission is granted to make and distribute verbatim copies of this man page
provided the copyright notice and this permission notice are preserved on all
copies.
Permission is granted to copy and distribute modified versions of this man page
under the conditions for verbatim copying, provided that the entire resulting
derived work is distributed under the terms of a permission notice identical
to this one.
Permission is granted to copy and distribute translations of this man page into
another language, under the above conditions for modified versions, except
that this permission notice may be stated in a translation approved by
Tripwire, Inc.
Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,
Inc. in the United States and other countries. All rights reserved.
SEE ALSO¶
twintro(8),
tripwire(8),
twadmin(8),
twprint(8),
siggen(8),
twconfig(4),
twpolicy(4)