TWFILES(5)		      File Formats Manual		    TWFILES(5)

NAME
       twfiles - overview of files used	by Tripwire and	file backup process

DESCRIPTION
   Configuration File
       default:	/usr/local/etc/tripwire/tw.cfg
       The  configuration file stores system-specific information, such	as the
       location	of Tripwire data files.	The configuration settings are	gener-
       ated  during the	installation process, but can be changed by the	system
       administrator at	any time.  See the twconfig(4) man  page  for  a  more
       complete	discussion.

   Policy File
       default:	/usr/local/etc/tripwire/tw.pol
       The policy file consists	of a series of rules specifying	the system ob-
       jects  that  Tripwire should monitor, and the data for each object that
       should be collected and stored in the database file.  Should unexpected
       changes occur, the policy file can describe the person to  be  notified
       and the severity	of the violation.  See the policyguide.txt file	in the
       policy  directory and the twpolicy(4) man page for a more complete dis-
       cussion.

   Database File
       default:	/var/lib/$(HOSTNAME).twd
       The database file serves	as the baseline	for integrity checking.	 After
       installation, Tripwire creates the initial database file, a  "snapshot"
       of  the	filesystem  in a known secure state.  Later, when an integrity
       check is	run, Tripwire compares each system  object  described  in  the
       policy  file against its	corresponding entry in the database.  A	report
       is created, and if an object has	changed	outside	of constraints defined
       in the policy file, a violation is reported.  See the  tripwire(8)  and
       twprint(8)  man	pages for more information on creating and maintaining
       database	files.

   Report Files
       default:	/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
       Once the	above three files have been created, Tripwire can run  an  in-
       tegrity check and search	for any	differences between the	current	system
       and the data stored in the "baseline" Tripwire database.	 This informa-
       tion  is	 archived  into	 report	files, a collection of rule violations
       discovered during an integrity check.  With the appropriate settings, a
       report can also be emailed to one or more recipients.  See the
       tripwire(8) and twprint(8) man pages for information on creating and
       printing report files.

   Key Files
       defaults: /usr/local/etc/tripwire/site.key and
       /usr/local/etc/tripwire/$(HOSTNAME)-local.key
       It is critical that Tripwire files be protected from  unauthorized  ac-
       cess--an	 attacker  who is able to modify these files can subvert Trip-
       wire operation.	For this reason, all of	the above files	are signed us-
       ing public key cryptography to prevent unauthorized modification.   Two
       separate	 sets  of  keys	 protect critical Tripwire data	files.	One or
       both of these key sets is necessary for performing almost  every	 Trip-
       wire task.

       The site	key is used to protect files that could	be used	across several
       systems.	  This includes	the policy and configuration files.  The local
       key is used to protect files specific to	the local machine, such	as the
       Tripwire	database.  The local key may also  be  used  for  signing  in-
       tegrity	check  reports.	 See the twadmin(8) man	page for more informa-
       tion on keys.

   File	Backup
       To prevent the accidental deletion of important data, Tripwire automat-
       ically creates backup files whenever any	Tripwire file is  overwritten.
       The  existing  file  will be renamed with a .bak	extension, and the new
       version of the file will	take its place.	 Only one backup copy for each
       filename	can exist at any time.	If a backup copy of a file already ex-
       ists, the older backup file will	be deleted and replaced	with the newer
       one.

       File backup is an integral part of Tripwire, and	cannot be  removed  or
       changed.
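
       Added example, not part of the Tripwire distribution: a shell audit
       of the files described under Key Files and File Backup above.  It
       reports Tripwire files and .bak copies that are group- or
       world-writable and lists every backup copy.  The function names and
       the directories passed as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of Tripwire): audit Tripwire's own files.
# Usage: sh tw_audit.sh /usr/local/etc/tripwire /var/lib/tripwire

# Print "LOOSE <path>" for the directory "$1" itself and for every
# Tripwire file or .bak copy below it that is group- or world-writable.
tw_loose() {
    {
        find "$1" -prune \( -perm -020 -o -perm -002 \)
        find "$1" -type f \
            \( -name 'tw.cfg' -o -name 'tw.pol' -o -name '*.key' \
               -o -name '*.twd' -o -name '*.twr' -o -name '*.bak' \) \
            \( -perm -020 -o -perm -002 \)
    } 2>/dev/null | sort | sed 's/^/LOOSE /'
}

# Print "BACKUP <path> live=<present|missing>" for each .bak copy,
# so previous policy, config and key versions are not forgotten.
tw_backups() {
    find "$1" -type f -name '*.bak' 2>/dev/null | sort |
    while IFS= read -r bak; do
        if [ -e "${bak%.bak}" ]; then state=present; else state=missing; fi
        printf 'BACKUP %s live=%s\n' "$bak" "$state"
    done
}

# Audit each directory given; return 1 if any LOOSE finding was printed.
tw_audit() {
    rc=0
    for dir in "$@"; do
        loose=$(tw_loose "$dir")
        if [ -n "$loose" ]; then printf '%s\n' "$loose"; rc=1; fi
        tw_backups "$dir"
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then tw_audit "$@"; fi
```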

VERSION	INFORMATION
       This man	page describes Tripwire	2.4.

AUTHORS
       Tripwire, Inc.

COPYING	PERMISSIONS
       Permission  is  granted	to make	and distribute verbatim	copies of this
       man page	provided the copyright notice and this permission  notice  are
       preserved on all	copies.

       Permission  is granted to copy and distribute modified versions of this
       man page	under the conditions for verbatim copying, provided  that  the
       entire  resulting derived work is distributed under the terms of	a per-
       mission notice identical	to this	one.

       Permission is granted to	copy and distribute translations of  this  man
       page  into  another  language,  under the above conditions for modified
       versions, except	that this permission notice may	be stated in a	trans-
       lation approved by Tripwire, Inc.

       Copyright  2000-2019  Tripwire, Inc. Tripwire is	a registered trademark
       of Tripwire, Inc. in the	United States and other	countries. All	rights
       reserved.

SEE ALSO
       twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8),
       twconfig(4), twpolicy(4)

Open Source Tripwire 2.4	  04 Jan 2018			    TWFILES(5)