Provided by: tripwire_2.4.3.7-5_amd64 bug

NAME

       twconfig - Tripwire configuration file reference

DESCRIPTION

       The configuration file stores system-specific information, including the location of
       Tripwire data files, and the settings used to send email notification. The configuration
       file settings are generated during the installation process, but can be changed by the
       system administrator at any time.  The configuration file is signed with the site key, and
       the site passphrase is required to edit the file.

       During installation, a signed Tripwire configuration file tw.cfg will be created in the
       /etc/tripwire directory, and a plain text copy of this configuration file twcfg.txt will
       be created in the same directory.

       The configuration file is modified using the twadmin --create-cfgfile command.  With this
       command, the user can designate an existing plain text file as the current configuration
       file.  Using the current site key and passphrase, the new configuration file is
       cryptographically signed and saved with this command.

   Components of the Configuration File
       The Tripwire configuration file is structured as a list of keyword-value pairs, and may
       also contain comments and variable definitions.  Any lines with "#" in the first column
       are treated as comments.

       The general syntax for variable definition is:
           keyword  =  value
       For example:
           ROOT = /usr/tripwire
           EDITOR = /usr/local/bin/jove

       Variable substitution on the right hand side is permitted using the syntax:
           $(  varname  )
       For example:
           DBFILE = $(ROOT)/db/$(HOSTNAME).twd

       Variable names are case-sensitive, and may contain all alphanumeric characters,
       underscores, the characters "+-@:", and the period.  Two variables are predefined in the
       configuration file, and may not be changed.  HOSTNAME is the unqualified hostname that
       Tripwire is running on, and DATE is a string representation of the date and time.

   Required Variables
       The following variables must be set in order for Tripwire to operate.  The values listed
       below are assigned during installation.
   Other Variables
       The following variables are not required to run Tripwire, but some of the program's
       functionality will be lost without them.  The values assigned during installation are
       listed.

       EDITOR Specifies an editor to be used in interactive modes.  If EDITOR is not defined, and
              no editor is specified on the command line, using interactive modes will cause an
              error.
              Initial value:  /bin/vi

       TEMPDIRECTORY
              This variable can be set to the location to which tripwire should write its
              temporary files. By default it is /tmp, which due to the default permissions can be
              very insecure. It is recommended that you use this configuration variable to
              provide tripwire with a secure place to write temporary files. The directory used
              should have its permissions set such that only the owning process can read/write to
              it, i.e. "chmod 700".
              Initial value: /tmp

       GLOBALEMAIL
              This variable is set to a list of email addresses separated by either a comma ",",
              or semi-colon ";". If a report would have normally been sent out, it will also be
              send to this list of recipients.
              Initial value:  none

       LATEPROMPTING
              Prompt for passphrase as late as possible to minimize the amount of time that the
              passphrase is stored in memory.  If the value is true (case-sensitive), then late
              prompting is turned on.  With any other value, or if the variable is removed from
              the configuration file, late prompting is turned off.
              Initial value:  false

       LOOSEDIRECTORYCHECKING
              When a file is added or removed from a directory, Tripwire reports both the changes
              to the file itself, and the modification to the directory (size, num links, etc.).
              This can create redundant entries in Tripwire reports.  With loose directory
              checking, Tripwire will not check directories for any properties that would change
              when a file was added or deleted.  This includes: size, number of links, access
              time, change time, modification time, number of blocks, growing file, and all
              hashes.

              If the value for this variable is true (case-sensitive), then loose directory
              checking is turned on, and these properties will be ignored for all directories.
              With any other value, or if the variable is removed from the configuration file,
              loose directory checking is turned off. Turning loose directory checking on is
              equivalent to appending the following propertymask to the rules for all directory
              inodes: -snacmblCMSH
              Initial value:  false

       SYSLOGREPORTING
              If this variable is set to true, messages are sent to the syslog for four events:
              database initialization, integrity check completions, database updates, and policy
              updates.  The syslog messages are sent from the "user" facility at the "notice"
              level.  For more information, see the syslogd(1) man page and the syslog.conf file.
              The following illustrates the information logged in the syslog for each of the four
              events:
/var/lib/tripwire/test.twd
/var/lib/tripwire/test.twd
/var/lib/tripwire/test.twd

              The letters in the Integrity Checking log correspond to # of violations, maximum
              severity level, and # of files added, deleted, and changed, respectively.  With any
              value other than true, or if this variable is removed from the configuration file,
              syslog reporting will be turned off.
              Initial value:  true

       REPORTLEVEL
              Specifies the default level of report produced by the twprint --print-report mode.
              Valid values for this option are 0 to 4. The report level specified by this option
              can be overridden with the (-t or --report-level) option on the command line. If
              this variable is not included in the configuration file, the default report level
              is 3.  Note that only reports printed using the twprint --print-report mode are
              affected by this parameter; reports displayed by other modes and other commands are
              not affected.
              Initial value:  3

       DBPRINTLEVEL
              Specifies the default level of report produced by the twprint ‐‐print‐dbfile mode.
              Valid values for this option are 0 to 2. The output level specified by this option
              can be overridden with the (‐t or ‐‐output‐level) option on the command line. If
              this variable is not included in the configuration file, the default output level
              is 2.
              Initial value:  2

       HASH_DIRECT_IO
              Use direct i/o when hashing files. (Linux-only as of OST 2.4.3.2)
              Initial value:  false

       RESOLVE_IDS_TO_NAMES
              Specifies whether to resolve uid/gid values to user & group names.  Static binaries
              may segfault while calling getpwuid/getgrgid in certain nsswitch.conf
              configurations, and setting this to false will bypass the name resolution step and
              prevent the segfault.
              Initial value:  true

   Email Notification Variables
       MAILMETHOD
              Specifies the protocol to be used by Tripwire for email notification. The only
              acceptable values for this field are SMTP or SENDMAIL. Any other value will produce
              an error message.
              Initial value:  SENDMAIL

       SMTPHOST
              Specifies the domain name or IP address of the SMTP server used for email
              notification. Ignored unless MAILMETHOD is set to SMTP.
              Initial value:  mail.domain.com

       SMTPPORT
              Specifies the port number used with SMTP. Ignored unless MAILMETHOD is set to SMTP.
              Initial value:  25

       MAILPROGRAM
              Specifies the program used for email reporting of rule violations if MAILMETHOD is
              set to SENDMAIL.  The program must take an RFC822 style mail header, and recipients
              will be listed in the "To:" field of the mail header.  Some mail programs interpret
              a line consisting of only a single period character to mean end‐of‐input, and all
              text after that is ignored.  Since there is a small possibility that a Tripwire
              report would contain such a line, the mail program specified must be able to ignore
              lines that consist of a single period (the -oi option to sendmail produces this
              behavior).
              Initial value:  /usr/lib/sendmail -oi -t

       EMAILREPORTLEVEL
              Specifies the default level of report produced by the tripwire --check mode email
              report.  Valid values for this option are 0 to 4. The report level specified by
              this option can be overridden with the (-t or --email-report-level) option on the
              command‐line. If this variable is not included in the configuration file, the
              default report level is 3.
              Initial value:  3

       MAILNOVIOLATIONS
              This option controls the way that Tripwire sends email notification if no rule
              violations are found during an integrity check.  If MAILNOVIOLATIONS is set to
              false and no violations are found, Tripwire will not send a report. With any other
              value, or if the variable is removed from the configuration file, Tripwire will
              send an email message stating that no violations were found.

              Mailing reports of no violations allows an administrator to distinguish between
              unattended integrity checks that are failing to run and integrity checks that are
              running but are not finding any violations.  However, mailing no violations reports
              will increase the amount of data that must be processed.
              Initial value: true

       MAILFROMADDRESS
              Specifies the value of the "From:" field in email reports.
              Initial value:  tripwire@hostname, where 'hostname' is the local machine name.

VERSION INFORMATION

       This man page describes Tripwire 2.4.

AUTHORS

       Tripwire, Inc.

COPYING PERMISSIONS

       Permission is granted to make and distribute verbatim copies of this man page provided the
       copyright notice and this permission notice are preserved on all copies.

       Permission is granted to copy and distribute modified versions of this man page under the
       conditions for verbatim copying, provided that the entire resulting derived work is
       distributed under the terms of a permission notice identical to this one.

       Permission is granted to copy and distribute translations of this man page into another
       language, under the above conditions for modified versions, except that this permission
       notice may be stated in a translation approved by Tripwire, Inc.

       Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in
       the United States and other countries. All rights reserved.

SEE ALSO

       twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8), twpolicy(4), twfiles(5),
       sendmail(1), vi(1), syslogd(1)