Section 11.12: Tripwire and Email
resulting report. See Section 11.8, Running an Integrity Check and Section 11.9, Printing Reports for
specific instructions on these points.
11.11.1 Signing the Configuration File
The text file with the configuration file changes (commonly /etc/tripwire/twcfg.txt) must
be signed to replace the /etc/tripwire/tw.cfg and be used by Tripwire when it runs its
integrity check. Tripwire will not recognize any configuration changes until the configuration text file
is correctly signed and used to replace the /etc/tripwire/tw.cfg file.
If your altered configuration text file is /etc/tripwire/twcfg.txt, type this command to sign
it, replacing the current /etc/tripwire/tw.cfg file:
/usr/sbin/twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt
Since the configuration file does not alter any Tripwire policies or files tracked by the application,
it is not necessary to regenerate the database of monitored system files.
11.12 Tripwire and Email
Tripwire can email someone if a specific type of rule in the policy file is violated. To configure
Tripwire to do this, you first have to know the email address of the person to be contacted if a particular
integrity violation occurs, plus the name of the rule you would like to monitor. Note that on large
systems with multiple administrators, you can have different sets of people notified for certain violations
and no one notified for minor violations.
Once you know who to notify and what to notify them about, add an emailto= line to the rule directive
section of each rule. Do this by adding a comma after the severity= line and putting emailto= on the
next line, followed by the email addresses to send the violation reports for that rule. Multiple emails
will be sent if more than one email address is specified and they are separated by a semi-colon.
For example, if you would like two administrators, Sam and Bob, notified if a networking program is
modified, change the Networking Programs rule directive in the policy file to look like this:
(
rulename = "Networking Programs",
severity = $(SIG_HI),
emailto = bob@domain.com;sam@domain.com
)
Once a new signed policy file is generated from the /etc/tripwire/twpol.txt file, the
specified email addresses will be notified upon violations of that particular rule. For instructions on signing
your policy file, see Section 11.11, Updating the Policy File.
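The following check is an added example, not part of the original manual or of Tripwire: it reads policy text, lists the emailto recipients of each rule directive, and reports must-notify rules that have no emailto line as well as addresses that are not well formed. The sample policy is constructed, and the function names parse_rules and audit and the choice of $(SIG_HI) as the must-notify severity are assumptions made for illustration.

```python
import re

# Constructed sample in the style of /etc/tripwire/twpol.txt (not a real policy).
SAMPLE_POLICY = """
(
  rulename = "Networking Programs",
  severity = $(SIG_HI),
  emailto = bob@domain.com;sam@domain.com
)
{ /sbin/ifconfig -> $(SEC_CRIT) ; }
(
  rulename = "Kernel Administration Programs",
  severity = $(SIG_HI)   # high severity, but nobody is mailed
)
{ /sbin/depmod -> $(SEC_CRIT) ; }
(
  rulename = "Temporary directories",
  severity = $(SIG_LOW),
  emailto = sam@domain.com;bob-at-domain
)
{ /tmp -> $(SEC_INVARIANT) ; }
"""

# A rule directive is "( ... )" opening a line; $(VAR) references may sit inside it.
BLOCK = re.compile(r"^\s*\(((?:\$\([^()]*\)|[^()])*)\)", re.M)
ATTR = re.compile(r'(\w+)\s*=\s*("[^"]*"|[^,\n]+)')
ADDRESS = re.compile(r"^[^@\s;,]+@[^@\s;,]+\.[^@\s;,]+$")

def parse_rules(policy_text):
    """Return one dict per rule directive; emailto becomes a list of addresses."""
    text = re.sub(r"#.*", "", policy_text)  # drop comments
    rules = []
    for block in BLOCK.finditer(text):
        attrs = {k.lower(): v.strip().strip('"') for k, v in ATTR.findall(block.group(1))}
        if "rulename" in attrs:
            mail = [a.strip() for a in attrs.get("emailto", "").split(";") if a.strip()]
            rules.append({**attrs, "emailto": mail})
    return rules

def audit(policy_text, must_notify=("$(SIG_HI)",)):
    """List (rulename, problem) pairs for missing or malformed emailto values."""
    findings = []
    for rule in parse_rules(policy_text):
        if rule.get("severity") in must_notify and not rule["emailto"]:
            findings.append((rule["rulename"], "no emailto on a must-notify severity"))
        for addr in rule["emailto"]:
            if not ADDRESS.match(addr):
                findings.append((rule["rulename"], "malformed address: " + addr))
    return findings
```

Run audit() against the text of /etc/tripwire/twpol.txt before signing it, so that a rule expected to send mail is not silently left without a valid recipient.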