On the E-mail tab, you can set the following configuration options:

Mail Method The protocol for sending e-mail reports.

Valid values: SMTP, sendmail, or MAPI (for Windows)

Default value: SMTP

SMTP Host The domain name or IP address of the SMTP server.

Dependency: Mail Method must be set to SMTP

Valid values: IP address or domain name of SMTP server

Mail Program Path and arguments to a mail program.

Dependency: Mail Method must be set to sendmail

Case-sensitive: yes

A valid mail program must:

• be executable by the user account Tripwire for Servers is running under

• take an RFC822-style mail header

• list recipients in the To field of the mail header

• ignore lines of a single period

From Address A resolvable From address for e-mail reports sent via SMTP or sendmail. This option does not work for MAPI.

Valid values: one resolvable SMTP e-mail address

Example: [email protected]

Case-sensitive: no (both [email protected] and [email protected] are acceptable)

Character Encoding Character set for Tripwire SMTP e-mail reports. This option does not work for MAPI.

E-mail Report Level A level of detail for e-mail reports.

Default value: 3

Valid values: 0 to 4

0 single line summary report of total adds, removes and changes

1 parsable list of all violated objects

2 summary report; lists violations by section and rule name

3 compares expected and observed properties for each violated object; more concise than a level 4 report

Mail ‘No Violations’ Reports Causes Tripwire for Servers to send e-mail notification even when integrity checks detect no violations. For the highest security, set this parameter to true.

Localize E-mail Controls localization of e-mail reports on Japanese locales. If your e-mail servers and clients do not handle multi-byte characters well, you can work around this by unchecking this option. When unchecked, e-mail reports are sent in English on Japanese locales.

Global E-mail E-mail addresses to receive (all) e-mail reports after each integrity check. When Mail ‘No Violations’ Reports is unchecked, reports are not sent when integrity checks detect no violations.

Default value: none

Valid values: any valid e-mail address or addresses

Note: You can delimit multiple e-mail addresses with semicolons. For more information, see page 10 of the Tripwire Reference Guide.

Logging Tab

On the Logging tab, you can set the following configuration options:

Syslog Reporting Causes Tripwire for Servers to log a record of database initializations, integrity checks, database updates, policy file updates, and commands executed by Tripwire to a system log file.

In UNIX, by default Tripwire for Servers makes log entries to the syslog from the user facility at the notice level.

In the Windows operating system, by default Tripwire for Servers makes log entries to the application event log.

Syslog Host Causes Tripwire for Servers to log syslog entries to a remote host or number of host machines.

Note: Without third-party tools, Tripwire for Servers cannot remotely log UNIX machine integrity check information to a Windows machine, or vice versa. Your syslog host must match the OS of the machine that generates the log information.

Valid values: \\remote_host

You can specify multiple remote hosts like this. Precede each host name with two \ characters:

SYSLOGHOST=\\host1 \\host2 \\host3 ...

Syslog Report Level Level of detail for syslog entries made for integrity checks.

Dependency: Syslog Reporting must be set to true

Default value: 0

Valid values: 0 to 2

0 single line summary syslog entry; lists total adds, removes, and changes

1 separate syslog entry for each violation

2 separate syslog entry for each violation; entry shows that a violation occurred, and which properties were violated

Syslog No Violations Causes Tripwire to log notification to the syslog when an integrity check detects no violations. For the highest security, activate this option.

Syslog Const Causes Tripwire to report all events that use a Tripwire for Servers executable, including events that do not change the state of Tripwire for Servers files (such as printing reports, examining encryption, or accessing help on the command line).

Localize Syslog Controls localization of syslog messages on Japanese locales. To write Tripwire syslog messages in multi-byte characters on Japanese locales, check this option.

Note: Not all syslog utilities support multi-byte characters. To work around this, leave this option unchecked.

Audit Log Causes Tripwire for Servers to write audit log entries with the same level of report information specified by the Syslog Report Level. Allows integration of Tripwire for Servers integrity check information with other applications that read audit entries.

Syslog Facility Specifies the destination facility for syslog entries made by Tripwire.

Valid values: Varies by operating system (see table)

OS Valid values

UNIX user, local0 through local7, auth, authpriv

Default: user

Windows application, system

Syslog Priority Allows Tripwire for Servers to access the numeric range of syslog priorities (as supported by a machine’s OS).
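Logging "no violations" results lets a collector tell a clean integrity check apart from one that never ran or never reported. The following is an added example, not part of the Tripwire documentation: it decodes the syslog priority for the UNIX default (user facility, notice level) and lists hosts that have gone silent. The `<PRI>timestamp host tag: message` line layout, the `tripwire` tag, the host names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Standard syslog facility codes for the UNIX values listed on the Logging tab.
FACILITIES = {"user": 1, "auth": 4, "authpriv": 10,
              **{f"local{i}": 16 + i for i in range(8)}}
NOTICE = 5  # standard syslog severity code for "notice"

# Assumed collector layout for this example: <PRI>ISO-8601-time host tag[pid]: message
LINE = re.compile(r"^<(\d{1,3})>(\S+) (\S+) ([^:\s\[]+)(?:\[\d+\])?: (.*)$")

def decode_pri(pri):
    """Split a syslog PRI value into (facility code, severity code)."""
    return pri >> 3, pri & 7

def last_seen(lines, facility="user", tag="tripwire"):
    """Newest timestamp per host for notice-level entries from the given facility and tag."""
    seen = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed layout; ignore
        fac, sev = decode_pri(int(m.group(1)))
        if fac != FACILITIES[facility] or sev != NOTICE or m.group(4) != tag:
            continue
        ts, host = datetime.fromisoformat(m.group(2)), m.group(3)
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def silent_hosts(lines, expected_hosts, now, max_age, **kw):
    """Expected hosts with no matching entry within max_age of now."""
    seen = last_seen(lines, **kw)
    return sorted(h for h in expected_hosts
                  if h not in seen or now - seen[h] > max_age)

# Constructed sample input; the message text is illustrative, not Tripwire's own wording.
SAMPLE = [
    "<13>2024-03-04T02:00:07 web01 tripwire[811]: integrity check: no violations",
    "<13>2024-03-03T02:00:05 db01 tripwire[402]: integrity check: no violations",
    "<13>2024-03-04T02:00:09 app01 tripwire[377]: integrity check: 3 violations",
    "<38>2024-03-04T02:10:00 db01 sshd[990]: session opened",
]

if __name__ == "__main__":
    now = datetime(2024, 3, 4, 6, 0, 0)
    hosts = ["web01", "db01", "app01", "cache01"]
    print(silent_hosts(SAMPLE, hosts, now, timedelta(hours=24)))
```

If Syslog Facility is changed from its default, pass the matching name (for example `facility="local0"`) so the filter follows the configuration.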

SNMP Tab

On the SNMP tab, you can set the following configuration options:

SNMP Host Causes Tripwire for Servers to send an SNMP message trap to the specified host. The information sent is identical to a level 0 e-mail report (a one-line summary of total violations).

Valid values: IP address or domain name of SNMP host

SNMP Port Specifies which port on the SNMP host Tripwire for Servers should use for SNMP traffic.

Default value: public Valid values: any text string

SNMP Community Sets the community name in SNMP trap messages from Tripwire for Servers. This option is only relevant for SNMP version 1.

Valid values: any text string

SNMP on “No Violations” Causes Tripwire for Servers to send an SNMP trap even when integrity checks detect no violations.

Determine IP address of server automatically Causes Tripwire to automatically determine the Network Interface Card (NIC) to use for SNMP traps. Select this option only if your machine has one NIC.

Send SNMP traps from the following IP Causes Tripwire to use the Network Interface Card (NIC) that you specify for SNMP traps. Select this option if your machine has more than one NIC.

Other Tab

On the Other tab, you can set the following command-line-related configuration options:

Editor Sets an absolute path to a text editor for interactive integrity checks. (Interactive integrity checks allow an update of the database directly after an integrity check.) If the path to the executable contains white space, it must be quoted.

A valid text editor must:

• accept a file on the command line

• exit with 0 status on success and non-0 status on error.

If the configuration file does not specify an editor and no editor is specified on the command line, Tripwire for Servers uses the $VISUAL or $EDITOR environment variables. If these do not specify an editor, Tripwire for Servers displays an error message.

Machine Report Level Specifies a default level of detail for Tripwire report files generated from the command line.

Default value: 3

Valid values: 0 to 4

0 single line summary report; lists total adds, removes and changes

1 parsable list of all violated objects

2 summary report; lists violations by section and rule name

3 compares expected and observed properties for each violated object; more concise than a level 4 report

Machine Report Format Specifies a default format for Tripwire report files generated from the command line.

Default value: classic (plain text)

Valid values: classic, HTML, XML

Database Printing Format Specifies a default format for Tripwire database files printed from the command line.

Default value: classic

Valid values: classic, HTML, XML

Database Printing Level Specifies a default level of detail for Tripwire database files printed from the command line.

Default value: 2

Valid values: 0 to 2

0 summary of the database file, without objects

1 all objects in the database file

2 all objects in the database file, plus properties monitored for each object

Late Prompting Causes Tripwire for Servers to delay the prompt for passphrases until the last moment. This minimizes the amount of time a passphrase stays in memory.

Policy File Editor

The Policy File Editor provides a method for you to quickly create or edit policy files through a graphical user interface. You can also use a text editor to edit policy files, if you prefer. For information on using the Policy File Editor, see page 70.

The Policy File Editor consists of two (for UNIX) or three (for Windows) tabs, which appear in the lower left of the frame:

A. Global Variables lists all pre-defined and user-defined variables (each in their own section) by name and associated value. You can add or delete user-defined variables, as well as edit the values associated with each user-defined variable.

B. File System displays the variables that exist in the File System section of the policy file (in the upper right pane) and the rules, exclusions, and rule blocks that exist in the policy file (in the lower right pane)

C. Registry displays the defined variables that exist in the Registry section of the policy file (in the upper right pane) and the rules, exclusions, and rule blocks that exist in the policy file (in the lower right pane)

Note: The Registry tab appears only if you are working with a Windows machine.

Report Viewer

The Report Viewer displays violation reports generated by Tripwire for Servers machines. You also use it to update the database with report information.

The Report Viewer consists of three panes:

A. Main Pane shows information about the open report files, and the violations within those files, in four different formats

B. Object Pane shows the children of any item selected in the Main Pane

C. Detail Pane shows detailed information for any item selected in the Objects Pane

Main Pane

In the Main Pane you can switch between four tabs. Each tab provides you with a different view of the information in the open reports.

Reports Tab shows all violations reported in the currently-open reports in a hierarchical tree structure. Report files are the top-level nodes in the tree.

Objects Tab shows all objects in the open reports for which there have been violations and the number of machines on which the objects were violated.

Violations Tab shows violations for all open reports as a list of entries. All times are expressed in the time zone of the Tripwire Manager machine.

Summary Tab shows a pie chart of the number and severity of violations in all open reports. Click for a more detailed, printable summary of all current violations.

Detail Pane

The Detail pane displays details about the item that is currently selected. Icons denote any properties with unexpected values.

Report Viewer Icons

Report Files - this icon represents an open report file. The color of the icon reflects the severity level (page 62 of the Tripwire Reference Guide) of the most severe violation in the report:

• Red reports have at least one high-severity violation (severity level 66 or higher)

• Yellow reports have at least one medium-severity violation (severity level 33 to 65), but no high-severity violations

• Blue reports have at least one low-severity violation (severity level 0 to 32), but no high- or medium-severity violations

• Green reports have no violations

Errors - this icon represents errors that Tripwire software encountered during an integrity check. Errors could occur when:

• permissions prevent Tripwire software from scanning objects

• objects specified in the policy file are open for exclusive use

Report File Sections - this icon represents a section of the report file being displayed. The three possible sections are:

• Windows file system

• Windows registry

• UNIX file system

The section icons use the same colors as the report file icons (page 11) to display the highest severity level in each section of a report file.

Rules - this icon represents a report file rule that contains one or more violations. The color of the icon reflects the severity of the rule:

• Red rules have a severity level of 66 or higher

• Yellow rules have a severity level between 33 and 65

• Blue rules have a severity level between 0 and 32

Added Object - this icon signifies that a new file, directory, or registry object has been added. The icons are color-coded to indicate severity, as described above.

Click on an Added Object violation to see detailed information about the new object in the Details Window.

Removed Object - This icon signifies that a file, directory, or registry object has been removed. The icons are color-coded to indicate severity, as described above.

Click on a Removed Object violation to see the expected property information for the object in the Details Window.

Modified Object - this icon signifies that one or more of the properties that Tripwire software monitors for this object have changed. The icons are color-coded to indicate severity, as described above.

Click on a Modified Object violation to see both the expected and observed values for the object in the Details Window. Properties that have changed from their expected values are flagged.

Object Pane

The Object pane describes all the child objects of the object that is currently selected in the Main pane.

If you select an item in the Main pane, all of the child items are displayed in the Object pane. Click these objects to drill down for more detail. The Count column displays the number of machines on which violations with the same hash, object name, and origination were detected. Consider this example:

In this case, the count indicates that 100 machines have violations for the C:\test\DLLS object.

Special Menu Options

This section describes menus that give access to special Tripwire Manager features. Common features available in most software interfaces are not described.

Note: When Tripwire Manager has a Viewing connection (page 6) with a Tripwire for Servers machine, you cannot access some menu options for that machine.

Manager Menu

Add Machines - Register new Tripwire for Servers machines. You can add machines individually, or import a list of machines. See the Tripwire Manager Quick Start for more information.

Remove Machines - Unregister the selected Tripwire for Servers machines.

Synchronize Machines - Synchronize the Machine Lists for this Manager and another Manager, using a text file (see below). You can choose to add Tripwire for Servers machines, remove existing machines that are not in common, or do both.

Regroup Machines - Move all currently selected machines to a different group (page 14).

Export Selected Machines - Export the information for all selected machines to a text file. You can use this file to register the machines with another Tripwire Manager, or to synchronize another Manager’s Machine List with this one (see above).

Forget Tripwire Manager Passphrase - Immediately clear the Manager passphrase from memory.

Expand Machine Group - Expand the selected Machine Group (in the machine list).

Collapse Machine Group - Collapse the selected Machine Group (in the machine list).

Expand All Machine Groups - Expands all Machine Groups in the machine list.

Collapse All Machine Groups - Collapses all Machine Groups in the machine list.

Machine Menu

The Machine Menu provides access to the most commonly-performed tasks. You can also access most of these items from the Action Window (page 16) or by right-clicking a machine in the Machine List.

Edit Configuration File - Edit the configuration file (page 86) for the selected machines.

Edit Policy File - Edit the policy file (page 70) for the selected machines.

Edit Schedule File - Edit the schedule file (page 62) for the selected machines.

Open Integrity System - Open the integrity system for the selected machines. You can then edit and distribute the integrity system or save it locally (page 87).

Distribute File - Distribute a configuration, policy, or schedule file to selected machines.

Archive - Archive reports, policies, configurations, schedules, or integrity systems.

Integrity Check - Run an integrity check (page 56) for selected machines.

View Report - Examine the most recent report file (page 63) for selected machines.

Update Database - Update the database file (page 83) for the selected machines using their latest report file.

Initialize Database - Initialize the database file for the selected machines (page 83).

Accept All Violations - Accept all violations for the selected machines without opening the reports.

Change Machine Site Passphrase - Change the site passphrase (page 90) for the selected machines.

Change Machine Local Passphrase - Change the local passphrase (page 90) for the selected machines.

Refresh Status - Refreshes the Tripwire Manager information for the selected machines.

Cancel Current Task - Halts the current task being performed on the selected machines.

View Menu

The View menu controls the appearance of Tripwire Manager. From the View menu, you can:

• hide or display Tripwire Manager windows to display agent information

• restore the windows to their default configurations

• clear the contents of the Output Window

• expand the Main Window to full screen size

• open the Preferences dialog

Preferences

In the Preferences dialog, you set preferences for Tripwire Manager.

Font tab Set the font and font size used by Tripwire Manager.

Editor tab Specify the graphical editor or a text editor for editing policy files. In order to use the Policy Editor, the policy file must meet certain criteria (page 70).

Logging tab Specify a file for logging information. If audit logging is activated (by selecting the Require audit trail information option), you must provide a reason when performing any operation that modifies the integrity system on a Tripwire for Servers machine. This includes editing files, changing passphrases, running an integrity check, initializing a database, or cancelling tasks. This information is displayed in the Output Window, and logged to the Tripwire Manager log file.

Updating tab Set the polling interval for Tripwire for Servers machines based on their conditions. By decreasing the intervals between updates, you increase the probability that Tripwire Manager accurately portrays a Tripwire for Servers machine at any given time, but at the cost of CPU and network performance.

You can decrease CPU and network load by increasing the interval between updates, but the Tripwire Manager’s display may be less in sync with the current state of Tripwire for Servers machines.

Timeouts tab Set timeout values for the amount of time that Tripwire Manager can be left inactive before prompting for a login passphrase, and the amount of time Tripwire Manager should attempt to connect to machines before timing out.

Notification tab Set the conditions and parameters for notification of down machines or new integrity data. Tripwire Manager can notify by sending e-mail (page 94), by executing a launch command (page 95), and by archiving