adminguy
/
IT_Articles
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Articles I've written for customers on IT issues.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 Commits
1 Branch
34 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
IT_Articles/2019/Tripwire_And_ssmtp_for_Emai.../docs/1.tex

72 lines
2.6 KiB
Raw Permalink Normal View History

well
4 years ago
 
  1. \documentclass[11pt]{article}
  2. %Gummi|065|=)

  3. \title{\textbf{Setting up Tripwire with SSMTP}}
  4. \usepackage{graphicx}
  5. \usepackage{caption  }
  6. \author{Steak Electronics}
  7. \date{06/4/19}
  8. \begin{document}
  9. 

  10. %\maketitle

  11. \textbf{Setting up Tripwire with SSMTP}
  12. 

  13. \vspace{0.2in}
  14. This document is best read printed out on paper.
  15. %\textbf{Todo}

  16. \section{Overview}
  17. Tripwire is intrusion detection software for GNU Linux \& BSD. Let's document how to set it up on a server with SSMTP configured for email notifications.
  18. \section{Steps}
  19. \subsection{Configuring Tripwire}
  20. First install Tripwire. This will depend on your package manager. The two examples I have will be either Gentoo, or Debian/Devuan.
  21. \begin{verbatim}
  22. apt-get install tripwire mailutils ssmtp
  23. OR
  24. emerge -av tripwire mailutils ssmtp
  25. \end{verbatim}
  26. \subsubsection{Devuan/Debian}
  27. Devuan will prompt you for a few things in an ncurses gui. Answer all of the defaults (yes for a site key, yes for a user key, etc...). Record your password.
  28. \footnote{For a full walkthrough of this process see this URL:https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604/  This process includes most, but not all of what you need to know.}
  29. I use the same password for both.
  30. 

  31. \textbf{After install}
  32. 

  33. Now, there's a trick we will use here. Normally, the guides will tell you to init, and then init again after the errors. However, we will try to skip that, if possible, to save time. Each init is about 2-3 minutes, so time can be avoided, if you know what configs you need.
  34. 

  35. \begin{verbatim}
  36. when whitelisting, this is what needs to be commented out in devuan jessie/ascii
  37. 

  38.    Filename: /etc/rc.boot
  39.      Filename: /root/mail
  40.      Filename: /root/Mail
  41.      Filename: /root/.xsession-errors
  42.      Filename: /root/.xauth
  43.      Filename: /root/.tcshrc
  44.      Filename: /root/.sawfish
  45.      Filename: /root/.pinerc
  46.      Filename: /root/.mc
  47.      Filename: /root/.gnome_private
  48.      Filename: /root/.gnome-desktop
  49.      Filename: /root/.gnome
  50.      Filename: /root/.esd_auth
  51.      Filename: /root/.elm
  52.      Filename: /root/.cshrc
  53.      Filename: /root/.bash_profile
  54.      Filename: /root/.bash_logout
  55.      Filename: /root/.amandahosts
  56.      Filename: /root/.addressbook.lu
  57.      Filename: /root/.addressbook
  58.      Filename: /root/.Xresources
  59.      Filename: /root/.Xauthority
  60.      Filename: /root/.ICEauthority
  61.      Filename: /proc/6136/fd/3
  62.      Filename: /proc/6136/fdinfo/3
  63.      Filename: /proc/6136/task/6136/fd/3
  64.      Filename: /proc/6136/task/6136/fdinfo/3
  65. \end{verbatim}
  66. For proc, you simply whitelist the whole directory.
  67. 

  68. 

  69. \subsection{Configuring SSMTP}
  70. 

  71. 

  72. \end{document}