Tripwire 2.4 Reference Guide - University Of Colorado .


Tripwire Reference Guide 2.4

2001 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.

Microsoft, Windows, Windows NT, and Windows 2000 are registered trademarks of Microsoft Corporation.
UNIX is a registered trademark of The Open Group.
Linux is a registered trademark of Linus Torvalds.
Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
All other brand or product names may be trademarks or registered trademarks of their respective companies or organizations.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).

Tripwire, Inc.
326 SW Broadway, 3rd Floor
Portland, OR 97205
tel: 1.877.TRIPWIRE
fax: re.com
TW1003-02

About This Guide

Document List

The Tripwire Installation Guide describes installation procedures for Tripwire Manager and Tripwire for Servers software.

The Tripwire for Servers User Guide describes configuration and operation of Tripwire for Servers software.

The Tripwire Manager User Guide describes configuration and operation of Tripwire Manager software, which is used to manage multiple installations of Tripwire for Servers software.

The Tripwire Reference Guide contains detailed information about the Tripwire configuration and policy files.

The Quick Reference Cards summarize important functionality of Tripwire for Servers software.

You can access PDF versions of the Guides from the docs directories on the Tripwire Manager and Tripwire for Servers CDs.

You can access online help from the Tripwire Manager interface.

Conventions

This Guide uses the following typographic conventions.

  Bold                in regular text indicates FTP and HTTP URLs, and emphasizes important issues.
  Italic              indicates file and directory names.
  Constant            in regular text shows commands and command-line options, and policy file rule attributes, directives, and variables.
  Sans Serif          in examples shows actual user input on the command line.
  Sans Serif Italic   in examples shows variables which should be replaced with context-specific values.
  W                   denotes sections of the text that apply only to Windows installations of Tripwire software. Unless otherwise specified, all references to Windows refer to both Windows NT and Windows 2000.
  U                   denotes sections of the text that apply only to UNIX or Linux installations of Tripwire software. Unless otherwise specified, all references to UNIX also refer to Linux.
  [options]           the command reference section shows optional command-line arguments in brackets.
  {1 2 3}             the command reference section shows sets of possible options in braces, separated by the character. Choose only one of the options.

Unless otherwise specified, command-line examples assume that the Tripwire bin directory is the current working directory.

Support

For the latest information and support for Tripwire products, visit the Tripwire website or contact Tripwire Technical Support.

Tripwire Support Website: http://www.tripwire.com/support
Tripwire Technical m1.866.TWSUPPORT (6am-6pm Pacific)
503.276.7663
General information: info@tripwire.com

Tripwire Professional Services

Tripwire Professional Services provides flexible service and support to meet your specific technical and deployment needs. If you would like Tripwire software deployment and implementation assistance, or additional training in using Tripwire software products, visit http://www.tripwire.com or contact your Tripwire Sales Representative.

Tripwire Educational Services

Obtain expert hands-on technical training and experience from a Tripwire Certified Instructor. Courses are offered by Tripwire Authorized Training Centers, and prepare you to install, configure, and maintain Tripwire software. Visit http://www.tripwire.com or contact your Tripwire Sales Representative for more information.

Contents

About This Guide
  Document List
  Conventions
  Support
  Tripwire Professional Services
  Tripwire Educational Services

Configuration Files
  Overview
  Introduction to Configuration Files
  Configuration File Parameters
    Paths to Data Files
      Policy File
      Database File
      Report File
      Site Key File
      Local Key File
    Data Files Permissions
      Policy Rights
      Database Rights
      Report Rights
    Temporary Directory
    Integrity Checking Parameters
      Loose Directory Checking
      Reset Access Time
      Traverse Mount Points
    E-mail Parameters
      Mail Method
      Mail Program
      SMTP Host
      SMTP Port
      From Address
      Mail No Violations
      E-mail Report Level
      Global E-mail Address
      Character (Mail) Encoding
    Logging Parameters
      Syslog Reporting
      Syslog Report Level
      Syslog Host
      Audit Log
    SNMP Parameters
      SNMP Host
      SNMP Port
      SNMP Community
    Other Operations Parameters
      Late Prompting
      Report Level
      Editor
  Agent Configuration File
    Tripwire Agent Parameters
      PORTNUMBER
      IPADDRESS
      TWCFGFILE
      SITEKEYFILE
      TRIPWIRE
      TWADMIN
      TWPRINT
      AUTHKEYFILE
      AUTHKEYFILERIGHTS
      SCHEDULEFILE
      SCHEDULEFILERIGHTS
      TASKFILE
      TASKFILERIGHTS
      LOGFILE
      LOGFILERIGHTS

The Policy File
  Overview
  Introduction to the Policy File
    Default Policy Files
    Policy File Resources
  Introduction to the Policy File Language
    Comments
    Rules
    Rule Attributes
    Variables
    Stop Points
    Directives
  Policy File Sections
    How to Section a Policy File
  Rules
    Constructing Rules
    Object Names
      UNIX File System Object Names
      Windows File System Object Names
      Windows Registry Object Names
    Special Characters in Object Names
      Restricted Characters in UNIX Object Names
      Restricted Characters in Windows Object Names
      Nonprintable Characters in UNIX Object Names
      Hexadecimal, Octal, or Unicode Characters
      Double-byte Characters
      Wildcards
      White Space
    Properties
      Property Issues
      Properties for UNIX File System Objects
      Properties for Windows File System Objects
      Properties for Windows Registry Key Objects
      Properties for Windows Registry Value Objects
  Rule Attributes
    Specifying Rule Names
    Specifying Severity Levels
      Default Severity
      Severity in Tripwire Manager
    Specifying Recursion
      Turning Recursion Off
      Numerical Recursion Levels
    Sending E-mail Reports
      Specifying E-mail Addresses
      Global E-mail
    Using Rule Attributes to Construct Rule Blocks
      Individual Rule Attributes in Rule Blocks
      Nesting Rule Blocks
  Variables
    Predefined Variables
      Predefined Variables for UNIX File System
      Predefined Variables for Windows File System
      Predefined Variables for Windows Registry
      Predefined Variables for Windows Registry Values
    User-Defined Variables
    Variable Substitution
  Stop Points
  Directives
    Directive Issues
    Declaring Sections
    Conditional Logic
    Nested Conditional Logic
    Debugging and Diagnostics
    Logical End of the Policy File

Appendices

14.03.2001 · File Size: 1MB · Page Count: 140