Tripwire: Admin

From OnnoWiki
Jump to navigation Jump to search

sumber: https://linux.die.net/man/8/twadmin



Name

twadmin - Tripwire administrative and utility tool Synopsis

twadmin { -m F | --create-cfgfile } options...

   configfile.txt 

twadmin { -m f | --print-cfgfile } [ options... ] twadmin { -m P | --create-polfile } [ options... ]

   policyfile.txt 

twadmin { -m p | --print-polfile } [ options... ] twadmin { -m R | --remove-encryption } [ options... ]

   file1 [ file2... ] 

twadmin { -m E | --encrypt } [ options... ]

   file1 [ file2... ] 

twadmin { -m e | --examine } [ options... ]

   file1 [ file2... ] 

twadmin { -m G | --generate-keys } options...

Description

The twadmin utility is used to perform certain administrative functions related to Tripwire files and configuration options. Specifically, twadmin allows encoding, decoding, signing, and verification of Tripwire files, and provides a means to generate and change local and site keys.

Creating a configuration file (--create-cfgfile)

This command mode designates an existing text file as the new configuration file for Tripwire. The plain text configuration file must be specified on the command line. Using the site key, the new configuration file is encoded and saved.

Printing a configuration file (--print-cfgfile)

This command mode prints the specified encoded and signed configuration file in clear-text form to standard output.

Replacing a policy file (--create-polfile)

This command mode designates an existing text file as the new policy file for Tripwire. The plain text policy file must be specified on the command line. Using the site key, the new policy file is encoded and saved.

Printing a policy file (--print-polfile)

This command mode prints the specified encoded and signed policy file in clear-text form to standard output.

Removing encryption from a file (--remove-encryption)

This command mode allows the user to remove signing from signed configuration, policy, database, or report files. Multiple files may be specified on the command line. The user will need to enter the appropriate local or site keyfile, or both if a combination of files is to be verified. Even with the cryptographic signing removed, these files will be in a binary encoded (non-human-readable) form.

Encrypting a file (--encrypt)

This command mode allows the user to sign configuration, policy, database files, or reports. Multiple files may be specified on the command line. The files will be signed using either the site or local key, as appropriate for the type of file. To automate the process, the passphrase for the key files can be included on the command line.

Examining the signing status of a file (--examine)

This command allows the user to examine the listed files and print a report of their signing status. This report displays the filename, file type, whether or not a file is signed, and what key (if any) is used to sign it.

Generating keys (--generate-keys)

This command mode generates site and/or local key files with names specified by the user.

Options

Creating a configuration file:

   configfile.txt 

-m F, --create-cfgfile

   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Specify the destination of the encoded (and optionally signed) configuration file. 

-S sitekey, --site-keyfile sitekey

   Use the specified site key file to encode and sign the new configuration file. Exactly one of (-S) or (-e) must be specified. 

-Q passphrase, --site-passphrase passphrase

   Specifies passphrase to be used with site key for configuration file encoding and signing. Valid only in conjunction with (-S). 

-e, --no-encryption

   Do not sign the configuration file being stored. The configuration file will still be compressed, and will not be human-readable. Mutually exclusive with (-Q) and (-S). 

configfile.txt

   Specifies the text configuration file that will become the new configuration file. 

______________________________________________________________________________

Printing a configuration file:

   -m f, --print-cfgfile
   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Print the specified configuration file. 

______________________________________________________________________________

Creating a policy file:

   policyfile.txt 

-m P, --create-polfile

   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Use the specified configuration file. 

-p polfile, --polfile polfile

   Specify the destination of the encoded (and optionally signed) policy file. 

-S sitekey, --site-keyfile sitekey

   Use the specified site key file. Mutually exclusive with (-e). 

-Q passphrase, --site-passphrase passphrase

   Specifies passphrase to be used with site key for policy signing. Mutually exclusive with (-e). 

-e, --no-encryption

   Do not sign the policy file being stored. The policy file will still be compressed, and will not be human-readable. Mutually exclusive with (-Q) and (-S). 

policyfile.txt

   Specifies the text policy file that will become the new policy file. 

______________________________________________________________________________

Printing a policy file:

   -m p, --print-polfile
   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Use the specified configuration file. 

-p polfile, --polfile polfile

   Print the specified policy file. 

-S sitekey, --site-keyfile sitekey

   Use the specified site key file. 

______________________________________________________________________________

Removing encryption from a file:

   file1 [ file2... ] 

-m R, --remove-encryption

   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Use the specified configuration file. 

-L localkey, --local-keyfile localkey

   Specify the local keyfile to use to verify database files and reports. 

-S sitekey, --site-keyfile sitekey

   Specify the site keyfile to use to verify configuration and policy files. 

-P passphrase, --local-passphrase passphrase

   Specify the passphrase to use when verifying with the old local keyfile. 

-Q passphrase, --site-passphrase passphrase

   Specify the passphrase to use when verifying with the old site keyfile. 

file1 [ file2... ]

   List of files from which signing is to be removed. 

______________________________________________________________________________

Encrypting a file:

   file1 [ file2... ] 

-m E, --encrypt

   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Use the specified configuration file. 

-L localkey, --local-keyfile localkey

   Specify the local keyfile to use to sign database files and reports. 

-S sitekey, --site-keyfile sitekey

   Specify the site keyfile to use to sign configuration and policy files. 

-P passphrase, --local-passphrase passphrase

   Specify the passphrase to use when signing with the local keyfile. 

-Q passphrase, --site-passphrase passphrase

   Specify the passphrase to use when signing with the site keyfile. 

file1 [ file2... ]

   List of files to sign using the new key(s). 

______________________________________________________________________________

Examining the encryption status of a file:

   file1 [ file2... ] 

-m e, --examine

   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-c cfgfile, --cfgfile cfgfile

   Use the specified configuration file. 

-L localkey, --local-keyfile localkey

   Specifies the key to use as a local key. 

-S sitekey, --site-keyfile sitekey

   Specifies the key to use as a site key. 

file1 [ file2... ]

   List of files to examine. 

______________________________________________________________________________

Generating keys:

   -m G, --generate-keys
   Mode selector. 

-v, --verbose

   Verbose output mode. Mutually exclusive with (-s). 

-s, --silent, --quiet

   Silent output mode. Mutually exclusive with (-v). 

-L localkey, --local-keyfile localkey

   Generate the local key into the specified file. At least one of (-L) or (-S) must be specified. 

-S sitekey, --site-keyfile sitekey

   Generate the site key into the specified file. At least one of (-S) or (-L) must be specified. 

-P passphrase, --local-passphrase passphrase

   Specify local passphrase to be used when generating the local key. 

-Q passphrase, --site-passphrase passphrase

   Specify site passphrase to be used when generating the site key. 

Version Information

This man page describes twadmin version 2.4.1. Authors

Tripwire, Inc.


Referensi