Provided by: tripwire_2.4.3.1-2_amd64 bug

NAME

       twfiles - overview of files used by Tripwire and file backup process

DESCRIPTION

   Configuration File
       default: /etc/tripwire/tw.cfg
       The configuration file stores system-specific information, such as the location of
       Tripwire data files. The configuration settings are generated during the installation
       process, but can be changed by the system administrator at any time.  See the twconfig(4)
       man page for a more complete discussion.

   Policy File
       default: /etc/tripwire/tw.pol
       The policy file consists of a series of rules specifying the system objects that Tripwire
       should monitor, and the data for each object that should be collected and stored in the
       database file.  Should unexpected changes occur, the policy file can describe the person
       to be notified and the severity of the violation.  See the policyguide.txt file in the
       policy directory and the twpolicy(4) man page for a more complete discussion.

   Database File
       default: /var/lib/$(HOSTNAME).twd
       The database file serves as the baseline for integrity checking.  After installation,
       Tripwire creates the initial database file, a "snapshot" of the filesystem in a known
       secure state.  Later, when an integrity check is run, Tripwire compares each system object
       described in the policy file against its corresponding entry in the database.  A report is
       created, and if an object has changed outside of constraints defined in the policy file, a
       violation is reported.  See the tripwire(8) and twprint(8) man pages for more information
       on creating and maintaining database files.

   Report Files
       default: /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
       Once the above three files have been created, Tripwire can run an integrity check and
       search for any differences between the current system and the data stored in the
       "baseline" Tripwire database.  This information is archived into report files, a
       collection of rule violations discovered during an integrity check.  With the appropriate
       settings, a report can also be emailed to one or more recipients.  See the tripwire(8) and
       twprint(8) man pages for information on creating and printing report files.

   Key Files
       defaults: /etc/tripwire/site.key and /etc/tripwire/$(HOSTNAME)-local.key
       It is critical that Tripwire files be protected from unauthorized access‐‐an attacker who
       is able to modify these files can subvert Tripwire operation.  For this reason, all of the
       above files are signed using public key cryptography to prevent unauthorized modification.
       Two separate sets of keys protect critical Tripwire data files.  One or both of these key
       sets is necessary for performing almost every Tripwire task.

       The site key is used to protect files that could be used across several systems.  This
       includes the policy and configuration files.  The local key is used to protect files
       specific to the local machine, such as the Tripwire database.  The local key may also be
       used for signing integrity check reports.  See the twadmin(8) man page for more
       information on keys.

   File Backup
       To prevent the accidental deletion of important data, Tripwire automatically creates
       backup files whenever any Tripwire file is overwritten. The existing file will be renamed
       with a .bak extension, and the new version of the file will take its place.  Only one
       backup copy for each filename can exist at any time.  If a backup copy of a file already
       exists, the older backup file will be deleted and replaced with the newer one.

       File backup is an integral part of Tripwire, and cannot be removed or changed.

VERSION INFORMATION

       This man page describes Tripwire 2.4.

AUTHORS

       Tripwire, Inc.

COPYING PERMISSIONS

       Permission is granted to make and distribute verbatim copies of this man page provided the
       copyright notice and this permission notice are preserved on all copies.

       Permission is granted to copy and distribute modified versions of this man page under the
       conditions for verbatim copying, provided that the entire resulting derived work is
       distributed under the terms of a permission notice identical to this one.

       Permission is granted to copy and distribute translations of this man page into another
       language, under the above conditions for modified versions, except that this permission
       notice may be stated in a translation approved by Tripwire, Inc.

       Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the
       United States and other countries. All rights reserved.

SEE ALSO

       twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8), twconfig(4), twpolicy(4)

                                           1 July 2000                                 TWFILES(5)