Specifies an editor to be used in interactive modes. If EDITOR
is not defined, and no editor is specified on the command line, using
interactive modes will cause an error.
Initial value: /bin/vi
This variable can be set to the location to which tripwire should write
its temporary files. By default it is /tmp, which due to the default
permissions can be very insecure. It is recommended that you use this
configuration variable to provide tripwire with a secure place to write
temporary files. The directory used should have its permissions set such
that only the owning process can read/write to it, i.e. "chmod 700".
Initial value: /tmp
This variable is set to a list of email addresses separated by either
a comma ",", or semi-colon ";". If a report would have normally been
sent out, it will also be send to this list of recipients.
Initial value: none
Prompt for passphrase as late as possible to minimize the amount of
time that the passphrase is stored in memory. If the value is
true (case-sensitive), then late prompting is turned on. With
any other value, or if the variable is removed from the configuration
file, late prompting is turned off.
Initial value: false
|LOOSEDIRECTORYCHECKING||When a file is added or removed from a directory, Tripwire reports both the changes to the file itself, and the modification to the directory (size, num links, etc.). This can create redundant entries in Tripwire reports. With loose directory checking, Tripwire will not check directories for any properties that would change when a file was added or deleted. This includes: size, number of links, access time, change time, modification time, number of blocks, growing file, and all hashes.|
If the value for this variable is true (case-sensitive),
then loose directory checking is turned on, and these
properties will be ignored for all directories. With any other value,
or if the variable is removed from the configuration file, loose
directory checking is turned off. Turning loose directory checking
on is equivalent to appending the following propertymask to
the rules for all directory inodes:
Initial value: false
If this variable is set to true, messages are sent
to the syslog for four events: database initialization,
integrity check completions, database updates, and policy updates.
The syslog messages are sent from the "user" facility at
the "notice" level. For more information, see the
man page and the
syslog.conf file. The following illustrates the information logged
in the syslog for each of the four events:
The letters in the Integrity Checking log correspond to # of violations, maximum severity level, and # of files added, deleted, and changed, respectively. With any value other than true, or if this variable is removed from the configuration file, syslog reporting will be turned off.
Initial value: true
Specifies the default level of report produced by the twprint
--print-report mode. Valid values for this option are 0 to
4. The report
level specified by this option can be overridden with the (-t or --report-level) option on the command line. If
this variable is not included in the configuration file, the default
report level is 3. Note that only reports printed using the
twprint --print-report mode are affected by this
parameter; reports displayed by other modes and other commands
are not affected.
Initial value: 3
MAILMETHOD Specifies the protocol to be used by Tripwire for email notification. The only acceptable values for this field are SMTP or SENDMAIL. Any other value will produce an error message.
Initial value: SENDMAIL
SMTPHOST Specifies the domain name or IP address of the SMTP server used for email notification. Ignored unless MAILMETHOD is set to SMTP.
Initial value: mail.domain.com
SMTPPORT Specifies the port number used with SMTP. Ignored unless MAILMETHOD is set to SMTP.
Initial value: 25
MAILPROGRAM Specifies the program used for email reporting of rule violations if MAILMETHOD is set to SENDMAIL. The program must take an RFC822 style mail header, and recipients will be listed in the "To:" field of the mail header. Some mail programs interpret a line consisting of only a single period character to mean end-of-input, and all text after that is ignored. Since there is a small possibility that a Tripwire report would contain such a line, the mail program specified must be able to ignore lines that consist of a single period (the -oi option to sendmail produces this behavior).
Initial value: /usr/lib/sendmail -oi -t
EMAILREPORTLEVEL Specifies the default level of report produced by the tripwire --check mode email report. Valid values for this option are 0 to 4. The report level specified by this option can be overridden with the (-t or --email-report-level) option on the command-line. If this variable is not included in the configuration file, the default report level is 3.
Initial value: 3
MAILNOVIOLATIONS This option controls the way that Tripwire sends email notification if no rule violations are found during an integrity check. If MAILNOVIOLATIONS is set to false and no violations are found, Tripwire will not send a report. With any other value, or if the variable is removed from the configuration file, Tripwire will send an email message stating that no violations were found. Mailing reports of no violations allows an administrator to distinguish between unattended integrity checks that are failing to run and integrity checks that are running but are not finding any violations. However, mailing no violations reports will increase the amount of data that must be processed.
Initial value: true
This man page describes Tripwire 2.4.
Permission is granted to make and distribute verbatim copies of this man page provided the copyright notice and this permission notice are preserved on all copies.
Permission is granted to copy and distribute modified versions of this man page under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.
Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.
Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.
twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8), twpolicy(5), twfiles(5), sendmail(1), vi(1), syslogd(1)
|-->||TWCONFIG (5)||1 July 2000|