# rpm -Vf /etc/php.ini --after making a small change to this file, running this command again produces output
S.5....T. c /etc/php.ini
man rpm
--the man page gives the following help for the result codes
S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
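A decoder for the result lines above, added here as an example and not part of the original notes. The P flag and the c/d/g/l/r file markers come from the current rpm man page rather than the excerpt above, and the needs_review triage rule is an assumption of this example.

```sh
# Added example, not part of the original notes: decode `rpm -V` result lines.

# Meaning of one result character, following the rpm man page table.
flag_meaning() {
    case $1 in
        S) echo "size differs" ;;
        M) echo "mode differs" ;;
        5) echo "MD5 sum differs" ;;
        D) echo "device number mismatch" ;;
        L) echo "readlink path mismatch" ;;
        U) echo "user ownership differs" ;;
        G) echo "group ownership differs" ;;
        T) echo "mtime differs" ;;
        P) echo "capabilities differ" ;;
        \?) echo "a test could not be performed" ;;
    esac
}

# decode_rpm_verify LINE -> "path [marker]: finding, finding" (marker "-" if absent)
decode_rpm_verify() {
    read -r flags rest <<EOF
$1
EOF
    case $rest in
        [cdglr]\ *) kind=${rest%% *}; path=${rest#* } ;;   # c=config d=doc g=ghost ...
        *)          kind=-;           path=$rest ;;
    esac
    [ "$flags" = missing ] && { echo "$path [$kind]: file is missing"; return; }
    out=
    while [ -n "$flags" ]; do
        ch=${flags%"${flags#?}"}      # first character of the flag string
        flags=${flags#?}
        [ "$ch" = . ] && continue     # "." means this test passed
        out=${out:+$out, }$(flag_meaning "$ch")
    done
    echo "$path [$kind]: ${out:-no differences}"
}

# Triage heuristic (an assumption of this example): a changed digest on a file
# not marked as config (c) is looked at first; edited configs are expected.
needs_review() {
    read -r flags rest <<EOF
$1
EOF
    case $flags in *5*) ;; *) return 1 ;; esac
    case $rest in c\ *) return 1 ;; esac   # falls through with status 0 otherwise
}

decode_rpm_verify "S.5....T. c /etc/php.ini"   # the result line shown above
```

Paths containing spaces are kept intact because only the first field and an optional one-letter marker are split off.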
Enter the site keyfile passphrase:
Verify the site keyfile passphrase: --enter the site passphrase you have chosen, twice
Generating key (this may take several minutes)...Key generation complete.
Enter the local keyfile passphrase:
Verify the local keyfile passphrase: --enter the local passphrase you have chosen, twice
Generating key (this may take several minutes)...Key generation complete.
Signing configuration file... --signs the configuration file
Please enter your site passphrase: --enter the site passphrase you just set
Wrote configuration file: /etc/tripwire/tw.cfg
Signing policy file... --signs the policy file
Please enter your site passphrase: --enter the site passphrase you just set
Wrote policy file: /etc/tripwire/tw.pol
# ls /etc/tripwire/ --once this is done, several additional configuration files have been generated
li.cluter.com-local.key site.key tw.cfg twcfg.txt tw.pol twpol.txt
3, Modify the default configuration file
rpm version
# man twpolicy --shows the help for the policy file
# - ignore the following properties
# + check the following properties
#
# a access timestamp (mutually exclusive with +CMSH)
# b number of blocks allocated
# c inode creation/modification timestamp
# d ID of device on which inode resides
# g group id of owner
# i inode number
# l growing files (logfiles for example)
# m modification timestamp
# n number of links
# p permission and file mode bits
# r ID of device pointed to by inode (valid only for device objects)
# s file size
# t file type
# u user id of owner
#
# C CRC-32 hash
# H HAVAL hash
# M MD5 hash
# S SHA hash
4, Write the modified file into the policy file
# twadmin -m P newtwpol.txt --encodes the finished file and writes it into the policy file
Please enter your site passphrase:
Wrote policy file: /etc/tripwire/tw.pol
# file /etc/tripwire/tw.pol --all of your modified policy has been written into this data file
/etc/tripwire/tw.pol: data
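5, Initialize
# tripwire --init --initializes the database file from the data file written in the previous step (in effect, a digital signature over all of your configuration)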
Please enter your local passphrase:
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System *** --this step takes a while, around a few minutes
Wrote database file: /var/lib/tripwire/li.cluter.com.twd --path of the database file
The database was successfully generated.
6,
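# tripwire --check --runs one check over all files defined in the policy; fairly slow
Wrote report file: /var/lib/tripwire/report/li.cluter.com-20141105-164717.twr --the report of the check; the timestamp is the system date and time, year-month-day then hour-minute-second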
var RULE_PATH /etc/snort/rules --these lines must be changed to absolute paths; with the default relative paths, the directory they resolve against is different when other options refer to them
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
Error 1:
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
Solution:
# ln -s /usr/local/lib/libdnet.1 /lib64/libdnet.1
Error 2:
ERROR: /etc/snort/snort.conf(249) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.