NAME

       twfiles - overview of files used by Tripwire and file backup process

DESCRIPTION

   Configuration File
       default: /etc/tripwire/tw.cfg
       The  configuration  file stores system-specific information, such as the location of Tripwire data files.
       The configuration settings are generated during the installation process,  but  can  be  changed  by  the
       system administrator at any time.  See the twconfig(4) man page for a more complete discussion.

   Policy File
       default: /etc/tripwire/tw.pol
       The policy file consists of a series of rules specifying the system objects that Tripwire should monitor,
       and the data for each object that should be collected and stored in the database file.  Should unexpected
       changes  occur, the policy file can describe the person to be notified and the severity of the violation.
       See the policyguide.txt file in the policy directory and the twpolicy(4) man page  for  a  more  complete
       discussion.

   Database File
       default: /var/lib/$(HOSTNAME).twd
       The  database  file  serves as the baseline for integrity checking.  After installation, Tripwire creates
       the initial database file, a "snapshot" of the filesystem in  a  known  secure  state.   Later,  when  an
       integrity  check  is  run,  Tripwire compares each system object described in the policy file against its
       corresponding entry in the database.  A report is created, and  if  an  object  has  changed  outside  of
       constraints  defined in the policy file, a violation is reported.  See the tripwire(8) and twprint(8) man
       pages for more information on creating and maintaining database files.

   Report Files
       default: /var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
       Once the above three files have been created, Tripwire can run an integrity  check  and  search  for  any
       differences  between  the  current  system and the data stored in the "baseline" Tripwire database.  This
       information is archived into report files, a collection of rule violations discovered during an integrity
       check.  With the appropriate settings, a report can also be emailed to one or more recipients.   See  the
       tripwire(8) and twprint(8) man pages for information on creating and printing report files.

   Key Files
       defaults: /etc/tripwire/site.key and /etc/tripwire/$(HOSTNAME)-local.key
       It  is  critical  that  Tripwire  files be protected from unauthorized access‐‐an attacker who is able to
       modify these files can subvert Tripwire operation.  For this reason, all of the above  files  are  signed
       using  public  key  cryptography to prevent unauthorized modification.  Two separate sets of keys protect
       critical Tripwire data files.  One or both of these key sets is necessary  for  performing  almost  every
       Tripwire task.

       The  site  key  is  used  to  protect files that could be used across several systems.  This includes the
       policy and configuration files.  The local key is used to protect files specific to  the  local  machine,
       such  as the Tripwire database.  The local key may also be used for signing integrity check reports.  See
       the twadmin(8) man page for more information on keys.

   File Backup
       To prevent the accidental deletion  of  important  data,  Tripwire  automatically  creates  backup  files
       whenever  any  Tripwire file is overwritten. The existing file will be renamed with a .bak extension, and
       the new version of the file will take its place.  Only one backup copy for each filename can exist at any
       time.  If a backup copy of a file already exists, the older backup file will be deleted and replaced with
       the newer one.

       File backup is an integral part of Tripwire, and cannot be removed or changed.

VERSION INFORMATION

       This man page describes Tripwire 2.4.

AUTHORS

       Tripwire, Inc.

COPYING PERMISSIONS

       Permission is granted to make and distribute verbatim copies of this  man  page  provided  the  copyright
       notice and this permission notice are preserved on all copies.

       Permission  is granted to copy and distribute modified versions of this man page under the conditions for
       verbatim copying, provided that the entire resulting derived work is distributed under  the  terms  of  a
       permission notice identical to this one.

       Permission  is  granted to copy and distribute translations of this man page into another language, under
       the above conditions for modified versions, except that  this  permission  notice  may  be  stated  in  a
       translation approved by Tripwire, Inc.

       Copyright  2000-2018  Tripwire,  Inc.  Tripwire is a registered trademark of Tripwire, Inc. in the United
       States and other countries. All rights reserved.

SEE ALSO

       twintro(8), tripwire(8), twadmin(8), twprint(8), siggen(8), twconfig(4), twpolicy(4)

Open Source Tripwire 2.4                           04 Jan 2018                                        TWFILES(5)