Configuration and alarm files for TripWire integrity checker
============================================================

$Id: README,v 1.2 2001/12/29 12:15:37 cvs Exp $

Miguel Armas <kuko@ulpgc.es>


To install this group on a host:

1. Add the host to the hostgroup tripwire
2. Install the tripwire group in the host:
   pica -iv +F tripwire +H host
3. Install the tripwire software on the host. If you already installed APTChk
   you can just do:
   pica -xv +F "APTChk -p -v" +H host
4. You need to initialize Tripwire on the host. To do so, run:
   /etc/tripwire/twinstall
   It will ask you for passwords for the site and local keys. The site key
   is used to sign/encrypt the config and policy files. The local key is
   used to sign the tripwire database and reports. Tripwire is meant to be
   used with a single site key for the whole organization and a local key
   for each server, but this group doesn't currently support that
   configuration, so you will have a site and local key pair for each host.
5. Initialize the tripwire database:
   tripwire --init
   
That's it, TWChk will check your filesystem integrity every night. If it
finds any change, it will notify you. If the changes are authorized you
should update the tripwire database with:

1. Run twupdate in the host or:
   pica -xv +F twupdate +H host
   in the PICA master (this way you can update all servers)
2. It will open an editor (vi) with the last tripwire report to let you specify
   which changes to update. If you want to update all of them, just save and
   exit.
3. It will then ask you for the password of the local key to update the
   tripwire database

Also, anytime you change the policy file (twpol.cfg) you will have to 
sign it on every host. twpol.txt will remind you anytime you install it:

# pica -iv +F twpol.txt +H tripwire
twpol -> /etc/tripwire/twpol.txt 0.0 600 0 
***********************************************
NOTE: Remember to run twadmin -m P twpol.txt!!!
***********************************************

You can sign it on many servers at once by running:
pica -xv +F "twadmin -m P twpol.txt" +H host1 host2 ...

