Difference between revisions of "Tripwire: Notifikasi e-mail"

Latest revision as of 07:28, 25 January 2011

Kita dapat melaporkan kejadian menggunakan tripwire dan ini harus ditulis pada file Tripwire

/etc/tripwire/twpol.txt

contoh e-mail admin bob@domain.com;sam@domain.com

(
  rulename = "Networking Programs",
  severity = $(SIG_HI),
  emailto = bob@domain.com;sam@domain.com
)

encrypt policy

cd /etc/tripwire
twadmin --create-polfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twpol.txt

Konfigurasi SMTP Server

Edit

vi /etc/tripwire/twcfg.txt

Pastikan misalnya

MAILMETHOD    =SMTP
SMTPHOST      =smtp.telkom.net
SMTPHOST      =222.124.18.79 (kalau mau aman)
SMTPPORT      =25

encrypt konfigurasi

cd /etc/tripwire
twadmin --create-cfgfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twcfg.txt

Test e-mail message

Untuk mentest notifikasi e-mail kita dapat mengunakan perintah berikut

/usr/sbin/tripwire --test --email your@email.address

Test e-mail akan dikirim langsung ke e-mail address oleh tripwire

Referensi

http://www.centos.org/docs/2/rhl-rg-en-7.2/s1-tripwire-email.html

Pranala Menarik

Difference between revisions of "Tripwire: Notifikasi e-mail"

Latest revision as of 07:28, 25 January 2011

Contents

Konfigurasi SMTP Server

Test e-mail message

Referensi

Pranala Menarik

Navigation menu

Search

@@ Line 1: / Line 1: @@
-Tripwire and Email
+Kita dapat melaporkan kejadian menggunakan tripwire dan ini harus ditulis pada file Tripwire
-Tripwire can email someone if a specific type of rule in the policy file is violated. To configure Tripwire to do this, you first have to know the email address of the person to be contacted if a particular integrity violation occurs, plus the name of the rule you would like to monitor. Note that on large systems with multiple administrators, you can have different sets of people notified for certain violations and no one notified for minor violations.
+ /etc/tripwire/twpol.txt
-Once you know who to notify and what to notify them about, add an emailto= line to the rule directive section of each rule. Do this by adding a comma after the severity= line and putting emailto= on the next line, followed by the email addresses to send the violation reports for that rule. Multiple emails will be sent if more than one email address is specified and they are separated by a semi-colon.
+contoh e-mail admin bob@domain.com;sam@domain.com
-For example, if you would like two administrators, Sam and Bob, notified if a networking program is modified, change the Networking Programs rule directive in the policy file to look like this:
+ (
+   rulename = "Networking Programs",
+   severity = $(SIG_HI),
+   emailto = bob@domain.com;sam@domain.com
+ )
-(
+encrypt policy
-  rulename = "Networking Programs",
-  severity = $(SIG_HI),
-  emailto = bob@domain.com;sam@domain.com
-)
-Once a new signed policy file is generated from the /etc/tripwire/twpol.txt file, the specified email addresses will be notified upon violations of that particular rule. For instructions on signing your policy file, see the section called Updating the Policy File.
+ cd /etc/tripwire
-Sending Test Email Messages
+ twadmin --create-polfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twpol.txt
-To make sure that Tripwire's email notification configuration can actually send email correctly, use the following command:
+==Konfigurasi SMTP Server==
-/usr/sbin/tripwire --test --email your@email.address
+Edit
-A test email will immediately be sent to the email address by the tripwire program.
+ vi /etc/tripwire/twcfg.txt
+Pastikan misalnya
+ MAILMETHOD    =SMTP
+ SMTPHOST      =smtp.telkom.net
+ SMTPHOST      =222.124.18.79 (kalau mau aman)
+ SMTPPORT      =25
+encrypt konfigurasi
+ cd /etc/tripwire
+ twadmin --create-cfgfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twcfg.txt
+==Test e-mail message==
+Untuk mentest notifikasi [[e-mail]] kita dapat mengunakan perintah berikut
+ /usr/sbin/tripwire --test --email your@email.address
+Test [[e-mail]] akan dikirim langsung ke e-mail address oleh tripwire
 ==Referensi==