CADDesignCodeWorkEtcContact
ABCDEFGHIJKLMNOPQRSTUVWXYZ

twfiles

TWFILES(5)                                                          TWFILES(5)



NAME
       twfiles - overview of files used by Tripwire and file backup process

DESCRIPTION
   Configuration File
       default: /etc/tripwire/tw.cfg
       The configuration file stores system-specific information, such as the
       location of Tripwire data files. The configuration settings are gener-
       ated during the installation process, but can be changed by the system
       administrator at any time.  See the twconfig(4) man page for a more
       complete discussion.

   Policy File
       default: /etc/tripwire/tw.pol
       The policy file consists of a series of rules specifying the system
       objects that Tripwire should monitor, and the data for each object that
       should be collected and stored in the database file.  Should unexpected
       changes occur, the policy file can describe the person to be notified
       and the severity of the violation.  See the policyguide.txt file in the
       policy directory and the twpolicy(4) man page for a more complete dis-
       cussion.

   Database File
       default: /var/lib/$(HOSTNAME).twd
       The database file serves as the baseline for integrity checking.  After
       installation, Tripwire creates the initial database file, a "snapshot"
       of the filesystem in a known secure state.  Later, when an integrity
       check is run, Tripwire compares each system object described in the
       policy file against its corresponding entry in the database.  A report
       is created, and if an object has changed outside of constraints defined
       in the policy file, a violation is reported.  See the tripwire(8) and
       twprint(8) man pages for more information on creating and maintaining
       database files.

   Report Files
       default: /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
       Once the above three files have been created, Tripwire can run an
       integrity check and search for any differences between the current sys-
       tem and the data stored in the "baseline" Tripwire database.  This
       information is archived into report files, a collection of rule viola-
       tions discovered during an integrity check.  With the appropriate set-
       tings, a report can also be emailed to one or more recipients.  See the
       tripwire(8) and twprint(8) man pages for information on creating and
       printing report files.

   Key Files
       defaults: /etc/tripwire/site.key and /etc/tripwire/$(HOST-
       NAME)-local.key
       It is critical that Tripwire files be protected from unauthorized
       access--an attacker who is able to modify these files can subvert Trip-
       wire operation.  For this reason, all of the above files are signed
       using public key cryptography to prevent unauthorized modification.
       Two separate sets of keys protect critical Tripwire data files.  One or
       both of these key sets is necessary for performing almost every Trip-
       wire task.

       The site key is used to protect files that could be used across several
       systems.  This includes the policy and configuration files.  The local
       key is used to protect files specific to the local machine, such as the
       Tripwire database.  The local key may also be used for signing
       integrity check reports.  See the twadmin(8) man page for more informa-
       tion on keys.

   File Backup
       To prevent the accidental deletion of important data, Tripwire automat-
       ically creates backup files whenever any Tripwire file is overwritten.
       The existing file will be renamed with a .bak extension, and the new
       version of the file will take its place.  Only one backup copy for each
       filename can exist at any time.  If a backup copy of a file already
       exists, the older backup file will be deleted and replaced with the
       newer one.

       File backup is an integral part of Tripwire, and cannot be removed or
       changed.

VERSION INFORMATION
       This man page describes Tripwire 2.3.1.

AUTHORS
       Tripwire, Inc.

COPYING PERMISSIONS
       Permission is granted to make and distribute verbatim copies of this
       man page provided the copyright notice and this permission notice are
       preserved on all copies.

       Permission is granted to copy and distribute modified versions of this
       man page under the conditions for verbatim copying, provided that the
       entire resulting derived work is distributed under the terms of a per-
       mission notice identical to this one.

       Permission is granted to copy and distribute translations of this man
       page into another language, under the above conditions for modified
       versions, except that this permission notice may be stated in a trans-
       lation approved by Tripwire, Inc.

       Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of
       Tripwire, Inc. in the United States and other countries. All rights
       reserved.

SEE ALSO
       twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8), twcon-
       fig(4), twpolicy(4)



                                  1 July 2000                       TWFILES(5)
Copyright © JRX Toronto, Canada. All rights reserved.