# tripwire decent policy

## kamikaze04

Hello everybody,

I've just installed a server with Gentoo with tripwire. I've realized that the twpol.txt is from Red Hat, that's why I get a lot of fails when it doesn't find some files.

I've only found one tripwire policy from a few years ago in Bugzilla, and I would like to know if any of you could share your twpol.txt with me and the community.

Thanks everybody!!

----------

## ter_roshak

 *kamikaze04 wrote:*   

> Hello everybody,
> 
> I've just installed a server with Gentoo with tripwire. I've realized that the twpol.txt is from Red Hat, that's why I get a lot of fails when it doesn't find some files.
> 
> I've only found one tripwire policy from a few years ago in Bugzilla, and I would like to know if any of you could share your twpol.txt with me and the community.
> ...

 

Here's a link to a script that I created to modify the Red Hat policy to a Gentoo machine based on the applications that you have installed.

----------

## kamikaze04

Sorry, but I think that the script is not working properly, because it doesn't write any new config.

About the script, if I don't misunderstand it, it comments out the lines that refer to a file that doesn't exist on my system, OK? OK, it solves the problem of the thousands of errors, but it doesn't solve the problem of monitoring all my files.

Thanks anyway.

Anyone else want to help?

----------

## ter_roshak

 *kamikaze04 wrote:*   

> Sorry, but I think that the script is not working properly, because it doesn't write any new config.
> 
> About the script, if I don't misunderstand it, it comments out the lines that refer to a file that doesn't exist on my system, OK? OK, it solves the problem of the thousands of errors, but it doesn't solve the problem of monitoring all my files.
> 
> Thanks anyway.
> ...

 

Did you copy the new_twpol.txt file to twpol.txt?

The whole point to this script is only to modify the Red Hat configuration.  You could then add the additional files that you want to monitor.

----------

## shimbob

Trying to use it to comment out the non-existing files, but it's just spinning its wheels. It's sitting there at 99+% CPU, but nothing's being written to new_twpol.txt.

After inserting some extra print calls, it seems that this line:

            if (m{^\s+/\w}) {

is never true and it never searches.

(I'm not that fluent in perl)

----------

## tomd2004

It seems the problem with the above script is just the way it has been formatted on the page. By viewing the source of the blog I've managed to extract the correct script, which is:

```perl
#!/usr/bin/perl
## Author:  Joshua M. Miller
# Date:    08/26/2004
#
# Purpose:  To automate the configuration of the tripwire policies.
#
use strict;
use warnings;

my $file     = "/etc/tripwire/twpol.txt";
my $new_file = "/etc/tripwire/new_twpol.txt";

print "Opening $file\n\n";

open my $in,  '<', $file     or die "Can't open input file : $!";
open my $out, '>', $new_file or die "Can't open output file: $!";

print "Processing the current tripwire config file...\n";

while (<$in>) {
    # If it is a file that requires checking, check it to see if the file is on this system
    # If the line begins with a /, then we know it needs to be checked
    # If the file is not on this system, comment it out
    if (m{^\s+/\w}) {
        # Take the file's path from the line
        # (field 0 is the empty string produced by the leading whitespace, so the path is field 1)
        my @tst_file = split(/\s+/, $_);

        # Check to see if the file exists
        unless (-e $tst_file[1]) {
            $_ = "#" . $_;
        }

        # Debug, print results
        print "Result:  $tst_file[1]\n";

        # Test - print this section to the outfile
        # print $out "$tst_file[1]\n";
    }

    # Write the line to the new file (unchanged, or now commented out)
    print $out $_;
}

close $in;
close $out;
```

Nice script, works well for me.

Hope this helps.
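
The same approach in Python, as an added example that is not the Perl script posted above nor anything from its author: every line of the policy is kept, and a rule entry whose path is absent is prefixed with `#`, so the edited policy stays reviewable and the list of disabled entries is reported. The `exists` check is injectable so the function can be exercised against a constructed file set; the policy fragment and fake filesystem below are constructed. It generalizes the Perl regex slightly by also matching entries that start at column 0.

```python
"""Comment out tripwire policy entries whose paths are absent on this host.

Added example, not the Perl script from the thread: same approach (keep every
line, prefix '#' to rule entries whose path does not exist), written so the
policy text can be checked in memory and the disabled entries reported.
The policy text and path set below are constructed.
"""
import os
import re
from typing import Callable, List, Tuple

# A rule entry: optional leading whitespace, an absolute path, then "->".
# Stop points ("!/path ;") and attribute lines ("rulename = ...") do not
# match and are passed through unchanged, as in the Perl script.
ENTRY_RE = re.compile(r'^(\s*)(/\S+)(\s*->.*)$')


def rewrite_policy(text: str,
                   exists: Callable[[str], bool] = os.path.exists) -> Tuple[str, List[str]]:
    """Return (new_policy_text, paths_that_were_commented_out).

    `exists` defaults to os.path.exists, which follows symlinks like Perl's -e;
    pass another callable to test against a constructed file set.
    """
    out: List[str] = []
    commented: List[str] = []
    for line in text.splitlines(keepends=True):
        m = ENTRY_RE.match(line)
        if m and not exists(m.group(2)):
            out.append('#' + line)        # keep the entry visible, but disabled
            commented.append(m.group(2))
        else:
            out.append(line)
    return ''.join(out), commented


# Constructed fragment in twpol.txt syntax: rule header, entries, a stop point.
SAMPLE_POLICY = """\
(
  rulename = "Critical system boot files",
  severity = $(SIG_HI)
)
{
  /boot                -> $(SEC_CRIT) ;
  /etc/rc.d/init.d     -> $(SEC_CRIT) ;
  !/proc/kcore ;
  /sbin/init           -> $(SEC_CRIT) ;
}
"""

# Constructed stand-in for the filesystem: only these paths "exist".
FAKE_FS = {'/boot', '/sbin/init'}


def demo() -> Tuple[str, List[str]]:
    """Run the rewrite against the constructed policy and fake filesystem."""
    return rewrite_policy(SAMPLE_POLICY, exists=FAKE_FS.__contains__)


if __name__ == '__main__':
    # Real use: rewrite the installed policy into a sibling file for review
    # before it is compiled with twadmin.
    src, dst = '/etc/tripwire/twpol.txt', '/etc/tripwire/new_twpol.txt'
    with open(src) as fh:
        new_text, disabled = rewrite_policy(fh.read())
    with open(dst, 'w') as fh:
        fh.write(new_text)
    print(f'wrote {dst}; disabled {len(disabled)} entries:')
    for p in disabled:
        print('  ' + p)
```

Review the reported list before installing the new policy: an entry that was commented out because a directory is missing is exactly the kind of gap the earlier reply complains about, and those paths still need real rules if the directory is later created.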

----------

## outspoken

beautiful, thanks!

----------

## cboldt

A bash script that writes a twpol.txt from scratch, rather than removing extraneous lines from an existing RedHat-centric policy file, is available in the "mktwpol" package.  mktwpol.sh searches the installed packages database, and writes tripwire policy based on the confluence of packages listed (in mktwpol) and packages found on a given system.  The resulting policy file also has some catchall rules that will trigger alarms for files installed/changed by packages that are not in mktwpol's list of packages. 

mktwpol is masked (~x86, etc.), but has been around for a few years, and all bug reports lodged against it were promptly resolved.
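
A stand-alone sketch of the "write the policy from the package database" approach, added here as an example; it is not the mktwpol package or its code. It assumes the Portage VDB layout `/var/db/pkg/<category>/<name-version>/CONTENTS`, whose lines read `obj <path> <md5> <mtime>`, `sym <path> -> <target> <mtime>` or `dir <path>`, and emits one rule per installed package plus a catch-all rule on the directories that packages populate, so files that no package owns still raise an alarm. The sample CONTENTS text, package versions and the `SEC_PKG` variable name are constructed.

```python
"""Write a tripwire policy from the Gentoo package database (added example).

Not the mktwpol package; a stand-alone illustration of the same idea:
one rule per installed package covering the files it owns, plus a
catch-all rule on the directories packages populate.  Assumed layout
(Portage VDB): /var/db/pkg/<category>/<name-version>/CONTENTS with lines
  obj <path> <md5> <mtime>
  sym <path> -> <target> <mtime>
  dir <path>
The sample CONTENTS text below is constructed.
"""
import os
from typing import Dict, Iterable, List

VDB = '/var/db/pkg'
# Directories the catch-all rule watches when some package created them.
CATCHALL_ROOTS = ('/bin', '/sbin', '/lib', '/lib64',
                  '/usr/bin', '/usr/sbin', '/usr/lib', '/usr/lib64')


def parse_contents(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Split CONTENTS lines into {'files': [...], 'dirs': [...]}."""
    files: List[str] = []
    dirs: List[str] = []
    for raw in lines:
        parts = raw.split()
        if len(parts) < 2:
            continue
        kind = parts[0]
        if kind == 'obj':            # md5 and mtime are the last two fields
            files.append(' '.join(parts[1:-2]))
        elif kind == 'sym':          # path is everything between the kind and ' -> '
            files.append(raw.split(' -> ', 1)[0].split(' ', 1)[1])
        elif kind == 'dir':
            dirs.append(' '.join(parts[1:]))
    return {'files': files, 'dirs': dirs}


def load_vdb(root: str = VDB) -> Dict[str, Dict[str, List[str]]]:
    """Read every CONTENTS file under the package database."""
    pkgs: Dict[str, Dict[str, List[str]]] = {}
    for cat in sorted(os.listdir(root)):
        catdir = os.path.join(root, cat)
        if not os.path.isdir(catdir):
            continue
        for pv in sorted(os.listdir(catdir)):
            contents = os.path.join(catdir, pv, 'CONTENTS')
            if os.path.isfile(contents):
                with open(contents) as fh:
                    pkgs[f'{cat}/{pv}'] = parse_contents(fh)
    return pkgs


def _rule(name: str, severity: int, entries: List[str]) -> List[str]:
    """Render one rule block in twpol.txt syntax."""
    lines = ['(', f'  rulename = "{name}",', f'  severity = {severity}', ')', '{']
    lines += [f'  {p} -> $(SEC_PKG) ;' for p in entries]
    lines += ['}', '']
    return lines


def render_policy(pkgs: Dict[str, Dict[str, List[str]]]) -> str:
    """Emit a property-mask variable, one rule per package, and a catch-all."""
    out = ['# generated from the package database', 'SEC_PKG = $(ReadOnly) ;', '']
    seen = set()                     # never list the same object under two rules
    for name in sorted(pkgs):
        entries = [p for p in pkgs[name]['files'] if p not in seen]
        seen.update(entries)
        if entries:
            out += _rule(name, 100, entries)
    catchall = sorted({d for p in pkgs.values() for d in p['dirs']
                       if d in CATCHALL_ROOTS})
    if catchall:
        out += _rule('Unpackaged files', 66, catchall)
    return '\n'.join(out)


# Constructed CONTENTS text for two made-up package versions.
SAMPLE_CONTENTS = {
    'app-admin/tripwire-2.4.2.2': """\
dir /usr
dir /usr/sbin
obj /usr/sbin/tripwire 0123456789abcdef0123456789abcdef 1700000000
sym /usr/sbin/tw -> tripwire 1700000000
dir /etc/tripwire
""",
    'sys-apps/coreutils-9.4': """\
dir /bin
obj /bin/ls fedcba9876543210fedcba9876543210 1700000000
""",
}


def demo_policy() -> str:
    """Render a policy from the constructed CONTENTS data."""
    pkgs = {name: parse_contents(text.splitlines())
            for name, text in SAMPLE_CONTENTS.items()}
    return render_policy(pkgs)


if __name__ == '__main__':
    print(render_policy(load_vdb()))
```

The per-package rules give each tripwire report line a package name to attribute it to; the catch-all rule on `/bin`, `/usr/sbin` and the other roots is what turns an unpackaged binary dropped into those directories into a violation, which is the behaviour the post above credits to mktwpol's catch-all rules.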

----------

