Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TWFILES(5)		      File Formats Manual		    TWFILES(5)

       twfiles - overview of files used	by Tripwire and	file backup process

   Configuration File
       default:	/usr/local/etc/tripwire/tw.cfg
       The configuration file stores system-specific information, such as the
       location	of Tripwire data files.	The configuration settings are gener-
       ated during the installation process, but can be	changed	by the system
       administrator at	any time.  See the twconfig(4) man page	for a more
       complete	discussion.

   Policy File
       default:	/usr/local/etc/tripwire/tw.pol
       The policy file consists	of a series of rules specifying	the system ob-
       jects that Tripwire should monitor, and the data	for each object	that
       should be collected and stored in the database file.  Should unexpected
       changes occur, the policy file can describe the person to be notified
       and the severity	of the violation.  See the policyguide.txt file	in the
       policy directory	and the	twpolicy(4) man	page for a more	complete dis-

   Database File
       default:	/var/lib/$(HOSTNAME).twd
       The database file serves	as the baseline	for integrity checking.	 After
       installation, Tripwire creates the initial database file, a "snapshot"
       of the filesystem in a known secure state.  Later, when an integrity
       check is	run, Tripwire compares each system object described in the
       policy file against its corresponding entry in the database.  A report
       is created, and if an object has	changed	outside	of constraints defined
       in the policy file, a violation is reported.  See the tripwire(8) and
       twprint(8) man pages for	more information on creating and maintaining
       database	files.

   Report Files
       default:	/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
       Once the	above three files have been created, Tripwire can run an in-
       tegrity check and search	for any	differences between the	current	system
       and the data stored in the "baseline" Tripwire database.	 This informa-
       tion is archived	into report files, a collection	of rule	violations
       discovered during an integrity check.  With the appropriate settings, a
       report can also be emailed to one or more recipients.  See the trip-
       wire(8) and twprint(8) man pages	for information	on creating and	print-
       ing report files.

   Key Files
       defaults: /usr/local/etc/tripwire/site.key and /usr/local/etc/trip-
       It is critical that Tripwire files be protected from unauthorized ac-
       cess--an	attacker who is	able to	modify these files can subvert Trip-
       wire operation.	For this reason, all of	the above files	are signed us-
       ing public key cryptography to prevent unauthorized modification.  Two
       separate	sets of	keys protect critical Tripwire data files.  One	or
       both of these key sets is necessary for performing almost every Trip-
       wire task.

       The site	key is used to protect files that could	be used	across several
       systems.	 This includes the policy and configuration files.  The	local
       key is used to protect files specific to	the local machine, such	as the
       Tripwire	database.  The local key may also be used for signing integ-
       rity check reports.  See	the twadmin(8) man page	for more information
       on keys.

   File	Backup
       To prevent the accidental deletion of important data, Tripwire automat-
       ically creates backup files whenever any	Tripwire file is overwritten.
       The existing file will be renamed with a	.bak extension,	and the	new
       version of the file will	take its place.	 Only one backup copy for each
       filename	can exist at any time.	If a backup copy of a file already ex-
       ists, the older backup file will	be deleted and replaced	with the newer

       File backup is an integral part of Tripwire, and	cannot be removed or

       This man	page describes Tripwire	2.4.

       Tripwire, Inc.

       Permission is granted to	make and distribute verbatim copies of this
       man page	provided the copyright notice and this permission notice are
       preserved on all	copies.

       Permission is granted to	copy and distribute modified versions of this
       man page	under the conditions for verbatim copying, provided that the
       entire resulting	derived	work is	distributed under the terms of a per-
       mission notice identical	to this	one.

       Permission is granted to	copy and distribute translations of this man
       page into another language, under the above conditions for modified
       versions, except	that this permission notice may	be stated in a trans-
       lation approved by Tripwire, Inc.

       Copyright 2000-2018 Tripwire, Inc. Tripwire is a	registered trademark
       of Tripwire, Inc. in the	United States and other	countries. All rights

       twintro(8), tripwire(8),	twadmin(8), twprint(8),	siggen(8), twcon-
       fig(4), twpolicy(4)

Open Source Tripwire 2.4	  04 Jan 2018			    TWFILES(5)


Want to link to this manual page? Use this URL:

home | help