Sun 28 Jan 2007
System Integrity

Setting up Tripwire to Run Automatically

We’ve already seen how logwatch is set up to run automatically every day at 04:02. We can very easily set up Tripwire to run at the same time. Create a two-line script called /etc/cron.daily/run-tripwire containing the following lines:

    #!/bin/sh
    /usr/sbin/tripwire --check

Make sure the script is owned by root and has permissions of 500 (r-x------) so it is executable only by root. This script invokes Tripwire and gets it to check the system’s integrity according to the rules in the policy file, and using the database we just created as its baseline. When cron runs this script at 04:02 every day its output is sent to root (or whoever is configured in the MAILTO variable in /etc/crontab).

Updating the Tripwire Database

We’ll test the script by running it now. Type /etc/cron.daily/run-tripwire on the command line as root, and check that Tripwire runs successfully. Examine the output produced carefully, and we should see that Tripwire has spotted the addition of the run-tripwire script to /etc/cron.daily and flagged it as a critical change.

To stop Tripwire from reporting this change, which we made and know is OK, as a policy violation every time it runs, we need to update Tripwire’s database. We do this by running tripwire --update, specifying a Tripwire report file that we wish to use for the update. To see what files are available, run ls -ltr /var/lib/tripwire/report; choose the last report listed as this will be the most recent one. The command to run (all on one line) is then:

    # tripwire --update --twrfile /var/lib/tripwire/report/rh9-20030209-040304.twr

replacing the report filename with the most recent .twr file on your system. This will produce a text file and start vi for us so we can edit the file. Each proposed database update is tagged with [x], and if we don’t want the update to be made, we simply delete the ‘x’.

If we don’t want to use vi, then add --visual gedit to the command and Tripwire will start the graphical editor instead. When we exit the editor, we’re asked for the local passphrase, and then updates are applied to the database. Subsequent Tripwire integrity checks should no longer warn us about the change to /etc/cron.daily.

Network Security

Virtually all Red Hat Linux 9 systems will be connected to other computers via a network at some time. This may be a permanent connection through a network adapter to a LAN (Local Area Network), an “always on” connection to the Internet, or a dial-up connection to an Internet Service Provider that is active only when required. Whatever the connection, we need to make sure that a hacker cannot use it to gain access to our system, or mount a “denial of service” attack that prevents legitimate use of our computing resources. In this section, we’ll look at some of the techniques that we can use to secure our system and make life hard for the potential hacker.
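Returning to the Tripwire procedure above: the two manual checks (the cron script is owned by root with mode 500, and the last report listed by ls -ltr is the one passed to --update) can be scripted. This is an added example, not part of the original text or of Tripwire; the function names check_cron_script and latest_twr_report are hypothetical, and it assumes a shell whose test command supports -nt (bash and dash do) and the usual ls -l column layout.

```shell
#!/bin/sh
# Added example: helper functions for the Tripwire cron procedure.
# Function names are hypothetical, not part of Tripwire.

# check_cron_script FILE [OWNER]
# Succeeds only if FILE is owned by OWNER (default root) and its
# permission string is exactly r-x------ (mode 500).
check_cron_script() {
    file=$1
    want_owner=${2:-root}
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # ls -ld prints e.g. "-r-x------. 1 root root ..."; keep the first 10
    # characters so a trailing SELinux/ACL marker (. or +) is ignored.
    info=$(ls -ld "$file" | awk '{print substr($1, 1, 10) " " $3}')
    perms=${info% *}
    owner=${info#* }
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "$file: owner is $owner, expected $want_owner" >&2
        rc=1
    fi
    if [ "$perms" != "-r-x------" ]; then
        echo "$file: permissions are $perms, expected -r-x------" >&2
        rc=1
    fi
    return $rc
}

# latest_twr_report DIR
# Prints the most recently modified .twr file in DIR, i.e. the last
# entry that "ls -ltr" would list. Fails if DIR holds no reports.
latest_twr_report() {
    dir=$1
    newest=
    for f in "$dir"/*.twr; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Typical use, as root:
#   check_cron_script /etc/cron.daily/run-tripwire &&
#   tripwire --update --twrfile "$(latest_twr_report /var/lib/tripwire/report)"
```

A cron script that is writable or executable by anyone other than root fails the first check, which matters because cron runs everything in /etc/cron.daily as root.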