{"id":55,"date":"2013-01-15T03:05:00","date_gmt":"2013-01-14T18:05:00","guid":{"rendered":"http:\/\/yokensaka.com\/centos\/?p=55"},"modified":"2014-12-21T03:01:47","modified_gmt":"2014-12-20T18:01:47","slug":"%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e6%94%b9%e7%ab%84%e6%a4%9c%e7%9f%a5%e3%82%b7%e3%82%b9%e3%83%86%e3%83%a0tripwire","status":"publish","type":"post","link":"http:\/\/yokensaka.com\/centos\/?p=55","title":{"rendered":"\u30d5\u30a1\u30a4\u30eb\u6539\u7ac4\u691c\u77e5\u30b7\u30b9\u30c6\u30e0(Tripwire)"},"content":{"rendered":"<p>Tripwire\u306f\u30b5\u30fc\u30d0\u30fc\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u6539\u7ac4\u3092\u691c\u77e5\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u3002 Tripwire\u3092\u4f7f\u7528\u3059\u308b\u3068\u3001\u91cd\u8981\u306a\u30b7\u30b9\u30c6\u30e0\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u5bfe\u3059\u308b\u5909\u66f4\u3092\u3059\u3079\u3066\u691c\u51fa\u3059\u308b\u3053\u3068\u3067\u3001\u305d\u308c\u3089\u306e\u4fdd\u5168\u6027\u3092\u78ba\u4fdd\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u4e07\u5168\u306b\u3059\u308b\u305f\u3081\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u304c\u6539\u7ac4\u3055\u308c\u308b\u524d\u306b\u3001Tripwire\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u57fa\u6e96\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u4f5c\u6210\u3057\u3066\u304a\u304f\u3002\u57fa\u6e96\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u304c\u4f5c\u6210\u3055\u308c\u308b\u3068\u3001Tripwire\u306f\u73fe\u5728\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u3053\u308c\u3068\u6bd4\u8f03\u3057\u3001\u5909\u66f4\u3001\u8ffd\u52a0\u3001\u524a\u9664\u306e\u3044\u305a\u308c\u304b\u304c\u3042\u308c\u3070\u5831\u544a\u3059\u308b\u3088\u3046\u306b\u3059\u308b\u3002<br \/>\n<b>\u25a0Tripwire\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/b><br \/>\nTripwire\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\uff08<a href=\"http:\/\/prdownloads.sourceforge.net\/tripwire\" target=\"_blank\">\u6700\u65b0\u7248 \u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9<\/a>\uff09<\/p>\n<pre>\r\n[root@server1 ~]# wget http:\/\/downloads.sourceforge.net\/tripwire\/tripwire-2.4.2.2-src.tar.bz2\r\n\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305ftripwire\u3092\u5c55\u958b\r\n[root@server1 ~]# tar jxvf tripwire-2.4.2.2-src.tar.bz2\r\nTripwire\u306e\u5c55\u958b\u5148\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3078\u79fb\u52d5\r\n[root@server1 ~]# cd tripwire-2.4.2.2-src\r\ntripwire\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\r\n[root@server1 tripwire-2.4.2.2-src]# .\/configure --prefix=\/usr\/local\/tripwire sysconfdir=\/etc\/tripwire &amp;&amp; make &amp;&amp; make install\r\nPress ENTER to view the License Agreement.\u3000\u2190\u3000\u7a7aENTER\r\nSPACE\u30ad\u30fc\u62bc\u4e0b\u3067\u30e9\u30a4\u30bb\u30f3\u30b9\u8868\u793a\u3092\u6d41\u3059\r\nPlease type \"accept\" to indicate your acceptance of this\r\nlicense agreement. [do not accept] accept\u3000\u2190\u3000accept\u3092\u5165\u529b\r\nContinue with installation? [y\/n] y\u3000\u2190\u3000y\r\nEnter the site keyfile passphrase:\u3000\u2190\u3000\u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u8a2d\u5b9a\r\nVerify the site keyfile passphrase:\u3000\u2190\u3000\u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u518d\u5ea6\u5165\u529b\r\nEnter the local keyfile passphrase:\u3000\u2190\u3000\u30ed\u30fc\u30ab\u30eb\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u8a2d\u5b9a\r\nVerify the local keyfile passphrase:\u3000\u2190\u3000\u30ed\u30fc\u30ab\u30eb\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u518d\u5ea6\u5165\u529b\r\nCreating signed configuration file...\r\nPlease enter your site passphrase:\u3000\u2190\u3000\u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\nCreating signed policy file...\r\nPlease enter your site passphrase:\u3000\u2190\u3000\u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\nThe installation succeeded.\r\ntripwire\u5c55\u958b\u5148\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u629c\u3051\u308b\r\n[root@server1 tripwire-2.4.2.-2src1]# cd\u3000\r\ntripwire\u5c55\u958b\u5148\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u524a\u9664\r\n[root@server1 ~]# rm -rf tripwire-2.4.2.2-src\u3000\r\ntripwire\u3092\u524a\u9664\r\n[root@server1 ~]# rm -f tripwire-2.4.2.2-src.tar.bz2\r\ntripwire\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3078\u30d1\u30b9\u3092\u901a\u3059\r\n[root@server1 ~]# echo PATH=$PATH:\/usr\/local\/tripwire\/sbin &gt;&gt; .bashrc ; source .bashrc\r\n<\/pre>\n<p><b>\u25a0Tripwire\u306e\u8a2d\u5b9a<\/b><\/p>\n<pre>\r\n\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb(\u30c6\u30ad\u30b9\u30c8\u7248)\u3092\u7de8\u96c6\r\n[root@server1 ~]# vi \/etc\/tripwire\/twcfg.txt\r\nROOT                   =\/usr\/local\/tripwire\/sbin\r\nPOLFILE                =\/etc\/tripwire\/tw.pol\r\nDBFILE                 =\/usr\/local\/tripwire\/lib\/tripwire\/$(HOSTNAME).twd\r\nREPORTFILE             =\/usr\/local\/tripwire\/lib\/tripwire\/report\/$(HOSTNAME)-$(DATE).twr\r\nSITEKEYFILE            =\/etc\/tripwire\/site.key\r\nLOCALKEYFILE           =\/etc\/tripwire\/server1.yokensaka.com-local.key\r\nEDITOR                 =\/bin\/vi\r\nLATEPROMPTING          =false\r\nLOOSEDIRECTORYCHECKING =false\r\n\u2193\r\nLOOSEDIRECTORYCHECKING =true\r\nMAILNOVIOLATIONS       =true\r\nEMAILREPORTLEVEL       =3\r\nREPORTLEVEL            =3\r\n\u2193\r\nREPORTLEVEL            =4\r\nMAILMETHOD             =SENDMAIL\r\nSYSLOGREPORTING        =false\r\nMAILPROGRAM            =\/usr\/sbin\/sendmail -oi -t\r\n\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb(\u30c6\u30ad\u30b9\u30c8\u7248\u21d2\u6697\u53f7\u7f72\u540d\u7248)\u3092\u4f5c\u6210\r\n[root@server1 ~]# twadmin -m F -c \/etc\/tripwire\/tw.cfg -S \/etc\/tripwire\/site.key \/etc\/tripwire\/twcfg.txt\r\nPlease enter your site passphrase:\u3000\u2190\u3000\u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\nWrote configuration file: \/etc\/tripwire\/tw.cfg\r\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u78ba\u4fdd\u306e\u305f\u3081\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb(\u30c6\u30ad\u30b9\u30c8\u7248)\u3092\u524a\u9664\r\n[root@server1 ~]# rm -f \/etc\/tripwire\/twcfg.txt\r\n\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb(\u30c6\u30ad\u30b9\u30c8\u7248)\u3092\u5fa9\u6d3b\u3055\u305b\u308b\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u5fa9\u6d3b\u3067\u304d\u308b\r\n[root@server1~]# twadmin --print-cfgfile &gt; \/etc\/tripwire\/twcfg.txt\r\n<\/pre>\n<p><b>\u25a0\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb\u306e\u8a2d\u5b9a<\/b><\/p>\n<pre>\r\n\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb\u306e\u6700\u9069\u5316\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f5c\u6210\r\n[root@server1 ~]# vi \/etc\/tripwire\/twpolmake.pl\r\n#!\/usr\/bin\/perl\r\n# Tripwire Policy File customize tool\r\n# ----------------------------------------------------------------------\r\n# Copyright (C) 2003 Hiroaki Izumi\r\n# This program is free software; you can redistribute it and\/or\r\n# modify it under the terms of the GNU General Public License\r\n# as published by the Free Software Foundation; either version 2\r\n# of the License, or (at your option) any later version.\r\n# This program is distributed in the hope that it will be useful,\r\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\r\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r\n# GNU General Public License for more details.\r\n# You should have received a copy of the GNU General Public License\r\n# along with this program; if not, write to the Free Software\r\n# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.\r\n# ----------------------------------------------------------------------\r\n# Usage:\r\n#    perl twpolmake.pl {Pol file}\r\n# ----------------------------------------------------------------------\r\n#\r\n$POLFILE=$ARGV[0];\r\nopen(POL,\"$POLFILE\") or die \"open error: $POLFILE\" ;\r\nmy($myhost,$thost) ;\r\nmy($sharp,$tpath,$cond) ;\r\nmy($INRULE) = 0 ;\r\nwhile (&lt;POL&gt;) {\r\nchomp;\r\nif (($thost) = \/^HOSTNAME\\s*=\\s*(.*)\\s*;\/) {\r\n$myhost = `hostname` ; chomp($myhost) ;\r\nif ($thost ne $myhost) {\r\n$_=\"HOSTNAME=\\\"$myhost\\\";\" ;\r\n}\r\n}\r\nelsif ( \/^{\/ ) {\r\n$INRULE=1 ;\r\n}\r\nelsif ( \/^}\/ ) {\r\n$INRULE=0 ;\r\n}\r\nelsif ($INRULE == 1 and ($sharp,$tpath,$cond) = \/^(\\s*\\#?\\s*)(\\\/\\S+)\\b(\\s+-&gt;\\s+.+)$\/) {\r\n$ret = ($sharp =~ s\/\\#\/\/g) ;\r\nif ($tpath eq '\/sbin\/e2fsadm' ) {\r\n$cond =~ s\/;\\s+(tune2fs.*)$\/; \\#$1\/ ;\r\n}\r\nif (! -s $tpath) {\r\n$_ = \"$sharp#$tpath$cond\" if ($ret == 0) ;\r\n}\r\nelse {\r\n$_ = \"$sharp$tpath$cond\" ;\r\n}\r\n}\r\nprint \"$_\\n\" ;\r\n}\r\nclose(POL) ;\r\n\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb\u306e\u6700\u9069\u5316\r\n[root@server1 ~]# perl \/etc\/tripwire\/twpolmake.pl \/etc\/tripwire\/twpol.txt &gt; \/etc\/tripwire\/twpol.txt.new\r\n\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb(\u6697\u53f7\u7f72\u540d\u7248)\u3092\u4f5c\u6210\r\n[root@server1 ~]# twadmin -m P -c \/etc\/tripwire\/tw.cfg -p \/etc\/tripwire\/tw.pol -S \/etc\/tripwire\/site.key \/etc\/tripwire\/twpol.txt.new\r\nPlease enter your site passphrase:\u3000\u2190\u3000\u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\nWrote policy file: \/etc\/tripwire\/tw.pol\r\n\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb(\u30c6\u30ad\u30b9\u30c8\u7248)\u3092\u524a\u9664\r\n[root@server1 ~]# rm -f \/etc\/tripwire\/twpol.txt*\r\n\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb(\u30c6\u30ad\u30b9\u30c8\u7248)\u3092\u5fa9\u6d3b\u3055\u305b\u308b\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u5fa9\u6d3b\u3067\u304d\u308b\r\n[root@server1 ~]# twadmin -m p -c \/etc\/tripwire\/tw.cfg -p \/etc\/tripwire\/tw.pol -S \/etc\/tripwire\/site.key &gt; \/etc\/tripwire\/twpol.txt\r\n<\/pre>\n<p><b>\u25a0Tripwire\u306e\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u4f5c\u6210<\/b><\/p>\n<pre>\r\n\u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb\u3088\u308a\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u4f5c\u6210\r\n[root@server1 ~]# tripwire -m i -s -c \/etc\/tripwire\/tw.cfg\r\nPlease enter your local passphrase:\u3000\u2190\u3000\u30ed\u30fc\u30ab\u30eb\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\n\u203b\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u4f5c\u6210\u3059\u308b\u306b\u306f\u7d50\u69cb\u6642\u9593\u304b\u304b\u308b\r\n<\/pre>\n<p><b>\u25a0Tripwire\u306e\u78ba\u8a8d<\/b><\/p>\n<pre>\r\n\u30d5\u30a1\u30a4\u30eb\u5909\u66f4\u3092\u30c1\u30a7\u30c3\u30af\u3000\u203b\u7d50\u69cb\u6642\u9593\u304b\u304b\u308b\r\n[root@server1 ~]# tripwire -m c -s -c \/etc\/tripwire\/tw.cfg\r\nOpen Source Tripwire(R) 2.4.2.2 Integrity Check Report\r\nReport generated by:          root\r\nReport created on:            2013\u5e7401\u670815\u65e5 02\u664244\u520653\u79d2\r\nDatabase last updated on:     Never\r\n===============================================================================\r\nReport Summary:\r\n===============================================================================\r\nHost name:                    server1.yokensaka.com\r\nHost IP address:              60.34.241.151\r\nHost ID:                      None\r\nPolicy file used:             \/etc\/tripwire\/tw.pol\r\nConfiguration file used:      \/etc\/tripwire\/tw.cfg\r\nDatabase file used:           \/usr\/local\/tripwire\/lib\/tripwire\/server1.yokensaka.com.twd\r\nCommand line used:            tripwire -m c -s -c \/etc\/tripwire\/tw.cfg\r\n===============================================================================\r\nRule Summary:\r\n===============================================================================\r\n-------------------------------------------------------------------------------\r\nSection: Unix File System\r\n-------------------------------------------------------------------------------\r\nRule Name                       Severity Level    Added    Removed  Modified\r\n---------                       --------------    -----    -------  --------\r\n* Tripwire Data Files             0                 1        0        0\r\n* Monitor Filesystems             0                 0        0        5\r\nUser Binaries and Libraries     0                 0        0        0\r\nTripwire Binaries               0                 0        0        0\r\nOS Binaries and Libraries       0                 0        0        0\r\nTemporary Directories           0                 0        0        0\r\nGlobal Configuration Files      0                 0        0        0\r\nSystem Boot Changes             0                 0        0        0\r\nRPM Checksum Files              0                 0        0        0\r\n* OS Boot Files and Mount Points  0                 0        0        1\r\n* OS Devices and Misc Directories 0                 0        24       1\r\nRoot Directory and Files        0                 0        0        0\r\nTotal objects scanned:  186790\r\nTotal violations found:  32\r\n===============================================================================\r\nObject Summary:\r\n===============================================================================\r\n-------------------------------------------------------------------------------\r\n# Section: Unix File System\r\n-------------------------------------------------------------------------------\r\n-------------------------------------------------------------------------------\r\nRule Name: Tripwire Data Files (\/usr\/local\/tripwire\/lib\/tripwire)\r\nSeverity Level: 0\r\n-------------------------------------------------------------------------------\r\nAdded:\r\n\"\/usr\/local\/tripwire\/lib\/tripwire\/server1.yokensaka.com.twd\"\r\n-------------------------------------------------------------------------------\r\nRule Name: Monitor Filesystems (\/var)\r\nSeverity Level: 0\r\n-------------------------------------------------------------------------------\r\nModified:\r\n\"\/var\/lib\/NetworkManager\/timestamps\"\r\n\"\/var\/lib\/samba\/browse.dat\"\r\n\"\/var\/lib\/samba\/unexpected.tdb\"\r\n\"\/var\/spool\/postfix\/public\/pickup\"\r\n\"\/var\/spool\/postfix\/public\/qmgr\"\r\n-------------------------------------------------------------------------------\r\nRule Name: OS Boot Files and Mount Points (\/boot)\r\nSeverity Level: 0\r\n-------------------------------------------------------------------------------\r\nModified:\r\n\"\/boot\/grub\/stage2\"\r\n-------------------------------------------------------------------------------\r\nRule Name: OS Devices and Misc Directories (\/dev)\r\nSeverity Level: 0\r\n-------------------------------------------------------------------------------\r\nRemoved:\r\n\"\/dev\/char\/13:33\"\r\n\"\/dev\/char\/13:67\"\r\n\"\/dev\/char\/189:503\"\r\n\"\/dev\/char\/250:0\"\r\n\"\/dev\/input\/by-id\/usb-Logitech_USB_Optical_Mouse-event-mouse\"\r\n\"\/dev\/input\/by-id\/usb-Logitech_USB_Optical_Mouse-mouse\"\r\n\"\/dev\/input\/by-path\/pci-0000:00:12.0-usb-0:2:1.0-event-mouse\"\r\n\"\/dev\/input\/by-path\/pci-0000:00:12.0-usb-0:2:1.0-mouse\"\r\n\"\/dev\/input\/event3\"\r\n\"\/dev\/input\/mouse1\"\r\n\"\/dev\/.udev\/db\/hidraw:hidraw0\"\r\n\"\/dev\/.udev\/db\/input:event3\"\r\n\"\/dev\/.udev\/db\/input:mouse1\"\r\n\"\/dev\/.udev\/db\/usb:4-2\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-id\\\\x2fusb-Logitech_USB_Optical_Mouse-event-mouse\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-id\\\\x2fusb-Logitech_USB_Optical_Mouse-event-mouse\/c13:67\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-id\\\\x2fusb-Logitech_USB_Optical_Mouse-mouse\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-id\\\\x2fusb-Logitech_USB_Optical_Mouse-mouse\/c13:33\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-path\\\\x2fpci-0000:00:12.0-usb-0:2:1.0-event-mouse\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-path\\\\x2fpci-0000:00:12.0-usb-0:2:1.0-event-mouse\/c13:67\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-path\\\\x2fpci-0000:00:12.0-usb-0:2:1.0-mouse\"\r\n\"\/dev\/.udev\/links\/input\\\\x2fby-path\\\\x2fpci-0000:00:12.0-usb-0:2:1.0-mouse\/c13:33\"\r\n\"\/dev\/bus\/usb\/004\/120\"\r\n\"\/dev\/hidraw0\"\r\nModified:\r\n\"\/dev\/.udev\/queue.bin\"\r\n===============================================================================\r\nError Report:\r\n===============================================================================\r\nNo Errors\r\n-------------------------------------------------------------------------------\r\n*** End of report ***\r\nOpen Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered\r\ntrademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;\r\nfor details use --version. This is free software which may be redistributed\r\nor modified only under certain conditions; see COPYING for details.\r\nAll rights reserved.\r\n<\/pre>\n<p><b>\u25a0Tripwire\u306e\u5b9a\u671f\u81ea\u52d5\u5b9f\u884c\u8a2d\u5b9a<\/b><\/p>\n<pre>\r\nTripwire\u306e\u5b9a\u671f\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f5c\u6210\r\n[root@server1 ~]# vi tripwire.sh\r\n#!\/bin\/bash\r\nPATH=\/usr\/sbin:\/usr\/bin:\/bin:\/usr\/local\/tripwire\/sbin\r\n# \u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u8a2d\u5b9a\r\nLOCALPASS=xxxxxxxx # \u30ed\u30fc\u30ab\u30eb\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\r\nSITEPASS=xxxxxxxx  # \u30b5\u30a4\u30c8\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\r\ncd \/etc\/tripwire\r\n# Tripwire\u30c1\u30a7\u30c3\u30af\u5b9f\u884c\r\ntripwire -m c -s -c tw.cfg|mail -s \"Tripwire(R) Integrity Check Report in `hostname`\" root\r\n# \u30dd\u30ea\u30b7\u30fc\u30d5\u30a1\u30a4\u30eb\u6700\u65b0\u5316\r\ntwadmin -m p -c tw.cfg -p tw.pol -S site.key &gt; twpol.txt\r\nperl twpolmake.pl twpol.txt &gt; twpol.txt.new\r\ntwadmin -m P -c tw.cfg -p tw.pol -S site.key -Q $SITEPASS twpol.txt.new &gt; \/dev\/null\r\nrm -f twpol.txt* *.bak\r\n# \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u6700\u65b0\u5316\r\nrm -f \/usr\/local\/tripwire\/lib\/tripwire\/*.twd*\r\ntripwire -m i -s -c tw.cfg -P $LOCALPASS\r\n\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u5b9f\u884c\u6a29\u3092\u4e0e\u3048\u308b\r\n[root@server1 ~]# chmod 700 tripwire.sh\r\ncron\u3092\u7de8\u96c6\r\n[root@server1 ~]# crontab -e\r\n00 01 * * * \/root\/tripwire.sh\r\n\u6bce\u65e51:00\u306bTripwire\u306e\u5b9a\u671f\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\r\n<\/pre>\n<p>Tripwire\u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u65b9\u6cd5<\/p>\n<pre>\r\n[root@server1 ~]# rm -rf \/usr\/local\/tripwire\/\r\n[root@server1 ~]# rm -rf \/etc\/tripwire\/\r\n<\/pre>\n<div align=right><a href=\"#\">\u25b2 \u30da\u30fc\u30b8\u30c8\u30c3\u30d7\u3078<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Tripwire\u306f\u30b5\u30fc\u30d0\u30fc\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u6539\u7ac4\u3092\u691c\u77e5\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u3002 Tripwire &hellip; <a href=\"http:\/\/yokensaka.com\/centos\/?p=55\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-55","post","type-post","status-publish","format-standard","hentry","category-tripwire"],"_links":{"self":[{"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=\/wp\/v2\/posts\/55","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55"}],"version-history":[{"count":1,"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":246,"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions\/246"}],"wp:attachment":[{"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/yokensaka.com\/centos\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}