Operating System - HP-UX

Re: Tripwire configuration

john flores
Occasional Advisor

Tripwire configuration

The HP Internet Express version of Tripwire from software.hp.com.
ixTripwire_A.07.00-2.4.0.1_HP-UX_B.11.11_32_64.depot

After swinstalling it, I found the files in
/opt/iexpress/tripwire/

There's not much documentation. Apparently this HPUX version has not been modified for HPUX. The default configuration is set up for a Linux system. So it is necessary to modify it for HPUX.

Has anyone done this already? Can you give me any hints, advice on revising the twpol.txt for HPUX? What's that LooseDirectoryChecking for and should it be set to true or false?

thanks
johnf
Sock it to me.
Geoff Wild
Honored Contributor

Re: Tripwire configuration

I have Tripwire (purchased) installed on a few servers and this is in the policy file:

# The example policy file is best run with 'Loose Directory Checking'
# enabled. Set LOOSEDIRECTORYCHECKING=TRUE in the Tripwire Configuration
# file.

So, set it to TRUE

Here's some other sections:

######################
# System Directories #
######################

(
rulename = "System Directories",
severity = $(SIG_HI),
emailto = $(SIG_HI_MAILRECIPIENTS)
)
{
/ -> $(SEC_INVARIANT) ( recurse = false ) ;
/usr -> $(SEC_INVARIANT) ( recurse = false ) ;
/stand -> $(SEC_INVARIANT) ( recurse = false ) ;
/opt -> $(SEC_INVARIANT) ( recurse = false ) ;
}


#########################
# User Home Directories #
#########################

# Checks the rights of the /home directory and its contents 1 level deep.
# Should alert the local admin if user changes the rights on a folder, or
# adds a folder to /home.

(
rulename = "User Home Directories",
severity = $(SIG_MED),
emailto = $(SIG_MED_MAILRECIPIENTS)
)
# Some systems may have permission restrictions (even for root) on users'
# /home directories, hence the '0' recursion level on these rules.
# Increase this to '1' for additional security, but permissions may need to
# be altered on some directories.
{
/home -> $(SEC_INVARIANT)-mc(recurse=0) ;
#/export -> $(SEC_INVARIANT)-mc(recurse=0) ; # Some systems mount /export/home on a different FS. If not, change this to 'recurse=1'.
#/export/home -> $(SEC_INVARIANT)-mc(recurse=0) ; # Uncomment if /export/home is on a different FS.
}



##################
# System Devices #
##################

(
rulename = "System Devices",
severity = $(SIG_HI),
emailto = $(SIG_HI_MAILRECIPIENTS),
recurse = false
)
{
/dev/dsk -> $(Device) ;
/dev/rdsk -> $(Device) ;
/dev/null -> $(Device) ;
#/dev/zero -> $(Device) ; # May not be on all systems.
}

###########################
# Administrative Binaries #
###########################

(
rulename = "Administrative Binaries",
severity = $(SIG_HI),
emailto = $(SIG_HI_MAILRECIPIENTS)
)
{
/sbin -> $(SEC_CRIT) ;
/usr/sbin -> $(SEC_CRIT) ;
}

###################
# System Binaries #
###################

(
rulename = "System Binaries",
severity = $(SIG_HI),
emailto = $(SIG_HI_MAILRECIPIENTS)
)
{
/bin -> $(SEC_CRIT) ;
/usr/local/bin -> $(SEC_CRIT) ;
/usr/lbin -> $(SEC_CRIT) ;
/usr/dt/bin -> $(SEC_CRIT) ;
/usr/sam/lbin -> $(SEC_CRIT) ;
/usr/tsm/sys -> $(SEC_CRIT) ;
/usr/etc/ -> $(SEC_CRIT) ;
}

#######################
# Temporary directory #
#######################

(
rulename = "Temporary directory",
severity = $(SIG_MED),
emailto = $(SIG_MED_MAILRECIPIENTS)
)
{
# /.dt/tmp -> $(SEC_INVARIANT) ; # Not on all systems.
/tmp -> $(SEC_INVARIANT) ;
/var/dt/tmp -> $(SEC_INVARIANT) ;
/var/spool/cron/tmp -> $(SEC_INVARIANT) ;
/var/tmp -> $(SEC_INVARIANT) ;
}

##################
# Shell Binaries #
##################

(
rulename = "Shell Binaries",
severity = $(SIG_HI),
emailto = $(SIG_HI_MAILRECIPIENTS)
)
{
#/usr/bin/bsh -> $(SEC_BIN) ;
/usr/bin/csh -> $(SEC_BIN) ;
/usr/bin/ksh -> $(SEC_BIN) ;
#/usr/bin/psh -> $(SEC_BIN) ;
/usr/bin/rsh -> $(SEC_BIN) ;
#/usr/bin/Rsh -> $(SEC_BIN) ;
/usr/bin/sh -> $(SEC_BIN) ;
#/usr/bin/shell -> $(SEC_BIN) ;
#/usr/bin/tsh -> $(SEC_BIN) ;
/sbin/sh -> $(SEC_BIN) ;
/usr/bin/bash -> $(SEC_BIN)-d ;
#/usr/bin/tcsh -> $(SEC_BIN)-d ;
}

########################
# System Login Scripts #
########################

(
rulename = "System Login Scripts",
severity = $(SIG_HI),
emailto = $(SIG_HI_MAILRECIPIENTS)
)
{
/etc/csh.login -> $(SEC_CONFIG) ;
/etc/d.cshrc -> $(SEC_CONFIG) ;
/etc/d.exrc -> $(SEC_CONFIG) ;
/etc/d.login -> $(SEC_CONFIG) ;
/etc/d.profile -> $(SEC_CONFIG) ;
#/etc/tsh_profile -> $(SEC_CONFIG) ; # Only available if C Shell is configured on the system.
/etc/profile -> $(SEC_CONFIG) ;
/etc/skel -> $(SEC_CONFIG) ;
}



Rgds...Geoff


Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
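
Since the shipped policy targets Linux and several rules above are marked as not present on all systems, it helps to check which rule objects actually exist on the host before initializing the database. The script below is an added example, not part of the thread or of Tripwire; the function names, the optional root-prefix argument and the sample policy are constructed for illustration, and it assumes unquoted object names with one rule per line.

```shell
#!/bin/sh
# Added example (not from the thread): report twpol.txt rule objects that do
# not exist on this host. Assumes unquoted object names, one rule per line.

# Print the object path of every active (uncommented) "path -> mask ;" rule.
policy_paths() {
    sed -n -e 's/#.*$//' \
        -e 's|^[[:space:]]*\(/[^[:space:]]*\)[[:space:]]*->.*$|\1|p' "$1"
}

# Print each rule path missing below ROOT (hypothetical second argument;
# leave it empty to check the live filesystem).
missing_paths() {
    policy=$1 root=${2:-}
    policy_paths "$policy" | while IFS= read -r p; do
        [ -e "$root$p" ] || [ -L "$root$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample: a fake root tree plus a policy fragment in the style
# of the rules posted above.
make_sample() {
    mkdir -p "$1/root/sbin" "$1/root/usr/bin" "$1/root/dev"
    : > "$1/root/usr/bin/ksh"
    : > "$1/root/dev/null"
    cat > "$1/twpol.txt" <<'EOF'
(
  rulename = "Constructed sample",
  severity = $(SIG_HI)
)
{
  /sbin          -> $(SEC_CRIT) ;
  /usr/bin/ksh   -> $(SEC_BIN) ;
  /usr/bin/bash  -> $(SEC_BIN)-d ;
  /dev/null      -> $(Device) ;
  #/dev/zero     -> $(Device) ;   # May not be on all systems.
  /export/home   -> $(SEC_INVARIANT)-mc(recurse=0) ;
}
EOF
}

tmp=${TMPDIR:-/tmp}/twpol-demo.$$
mkdir "$tmp" && make_sample "$tmp"
missing_paths "$tmp/twpol.txt" "$tmp/root"   # /usr/bin/bash, /export/home
rm -rf "$tmp"
```

On a real system, call `missing_paths /path/to/twpol.txt` with no second argument; every path it prints is a rule to comment out or correct before the policy is signed.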
john flores
Occasional Advisor

Re: Tripwire configuration

Geoff,
Your response was very helpful, I'm using it almost word for word to construct my own policy file. I have a couple questions:
You left out some of the general sections where Global and FS variables are defined, I assume on purpose. Was your Devices section also abbreviated on purpose? There are a lot more devices and your recurse is false.
Sock it to me.
Pierre Pasturel
Respected Contributor

Re: Tripwire configuration

HP is considering delivering an HPUX-tailored tripwire configuration file on a future release of HPUX 11i Internet Express. Please post any "must" or "high want" tripwire settings that you would like to see in the default config file and the lab responsible for tripwire on HPUX can determine if they are useful for the HPUX community at large.
Geoff Wild
Honored Contributor
Solution

Re: Tripwire configuration

Sorry - forgot to check back on this.

I've attached the entire twpol.txt file.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.