{"id":2652,"date":"2012-12-25T22:22:33","date_gmt":"2012-12-25T13:22:33","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=2652"},"modified":"2013-07-02T20:51:50","modified_gmt":"2013-07-02T11:51:50","slug":"tripwire%e3%81%ae%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=2652","title":{"rendered":"Installing Tripwire"},"content":{"rendered":"<p>Having gone once around the <em>batting order<\/em>, I am starting the initial setup again. The iptables and ssh configuration finishes quickly, so I will skip it; the Munin installation is also done, and this time I will install Tripwire.<\/p>\n<p>Last year I compiled it from source to install it, and I remember having quite a hard time. Creating the database and so on finished extremely quickly, as you would expect from an SSD.<\/p>\n<p>This time EPEL is set up, so the installation is done with yum.<\/p>\n<pre>yum -y install tripwire<\/pre>\n<p>The start may have been where I got stuck the most: when installing from source you set up the keys first, but with yum<\/p>\n<pre>cd 
\/etc\/tripwire\/<\/pre>\n<pre>tripwire-setup-keyfiles<\/pre>\n<p>I had to create them with this command (sweat).<\/p>\n<pre>vim twcfg.txt<\/pre>\n<p>Edit the settings in the text file, then encrypt it.<\/p>\n<pre>twadmin -m F -S site.key twcfg.txt<\/pre>\n<pre>vim twpolmake.pl\r\nperl twpolmake.pl twpol.txt &gt; twpol.txt.new\r\ntwadmin -m P -c tw.cfg twpol.txt.new<\/pre>\n<p>I am borrowing the perl script from the reference site.<br \/>\nCreate a new policy file.<br \/>\nCreate the database with --init and check integrity with --check.<br \/>\nCreate some file and confirm that it is working properly.<br \/>\nI am skipping over that here, though.<br \/>\nThe SSD is fast! Much faster than an HDD!!<\/p>\n<pre>tripwire --init\r\ntripwire --check<\/pre>\n<p>Once again, I am using the shell script from the reference site.<\/p>\n<pre>vim tripwire.sh\r\nchmod 700 tripwire.sh\r\necho \"0 3 * * * root \/home\/hogehoge\/tripwire.sh\" &gt; 
\/etc\/cron.d\/tripwire<\/pre>\n<p>Give it execute permission and register it with cron.<\/p>\n<p>So, following the reference site, I have briefly written up things such as the differences when installing with yum. There are also a few places where I made changes; the first is that I modified the policy file so that e-mail is sent.<br \/>\nSorry that the order of the content is a bit jumbled.<\/p>\n<p>At roughly line 80 of the policy text file,<br \/>\nadd the line emailto = \u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 (where \u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 is the e-mail address).<\/p>\n<pre># Tripwire Binaries\r\n(\r\n\u00a0 rulename = \"Tripwire Binaries\",\r\n\u00a0 severity = $(SIG_HI),\r\n\u00a0 emailto = \u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\r\n)<\/pre>\n<p>And here is the part of the shell script used by cron that I changed:<\/p>\n<pre># Run the Tripwire check\r\n#tripwire -m c -s -c tw.cfg|mail -s \"Tripwire(R) Integrity Check Report in `hostname`\" root\r\ntripwire --check 
-M<\/pre>\n<p>I commented out the line that was there originally and added a command using the --check option.<\/p>\n<p>Back then it took me several days, but this time it feels like I got it done without really getting stuck.<br \/>\nIt makes me feel the passage of time.<\/p>\n<p>As for the e-mail newsletter I had planned to start quite a while ago, I have finally registered a sample and it is now awaiting review. I keep wondering what I will do if it gets rejected...<\/p>\n<p>Reference site<\/p>\n<p>Building a Home Server with CentOS: <a href=\"http:\/\/centossrv.com\/tripwire.shtml\" target=\"_blank\">Introducing a File Tampering Detection System (Tripwire)<\/a><\/p>\n<p>Only 6 days left in this year. Let's keep going for the rest of it!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Having gone once around the batting order, I am starting the initial setup again. The iptables and ssh configuration finishes quickly, so I will skip it; the Munin installation is also done, and this time I will install Tripwire. Last year I compiled it from source &hellip; <a href=\"https:\/\/www.vincentina.net\/?p=2652\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Installing Tripwire&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-2652","post","type-post","status-publish","format-standard","hentry","category-server"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/2652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2652"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/2652\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincent
ina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}