
An e-mail launch command is a launch command that will send e-mail when it is executed.

To Addresses A semicolon-separated list of the addresses of the recipients of the e-mail.

From Address The address of the sender of the e-mail.

Subject The subject line for the e-mail. Tripwire Manager replaces valid Launch Command Parameters found here with their values.

Body The body of the e-mail. Tripwire Manager replaces valid Launch Command Parameters here with their values. This may generate e-mails.

NOTE: In order for the e-mail launch command to work, you must already have configured the e-mail notification parameters.

Working with Launch Commands

Creating Launch Commands

To create a new command line Launch Command:

1. Select Launch > Edit Launch Commands.

or

Right-click an active Launch Command tool bar button and select Edit or Properties.

2. Click New Command Line. The Command Line Launch Command Properties dialog opens.

3. Fill in values for the new Launch Command.

4. Click OK.

To create a new e-mail Launch Command:

1. Select Launch > Edit Launch Commands.

or

Right-click an active Launch Command tool bar button and select Edit or Properties.

2. Click New E-mail. The Command Line Launch Command Properties dialog opens.

3. Fill in values for the new Launch Command.

4. Click OK.

Executing Launch Commands

Launch commands become enabled or disabled depending upon the user interface context of Tripwire Manager. See Launch Contexts on page 116.

To execute a Launch Command:

1. Click the Launch Command’s button in the toolbar.

or

Select the desired command from the Launch menu.

Modifying Launch Commands

To modify an existing launch command:

1. Right-click an enabled command’s button in the toolbar and select Properties from the context menu.

or

1. Select Launch > Edit Launch Commands. The Edit Launch Commands dialog box opens.

2. Double-click the Launch Command you want to edit. The Properties dialog box opens.

Deleting Launch Commands

To delete a launch command:

1. Select Launch > Edit Launch Commands.

or

Right-click an active Launch Command tool bar button and select Edit Launch Commands.

2. Select the Launch Commands you want to delete.

3. Click Delete.

4. Click Yes.

Exporting Launch Commands

You can export Launch Commands to a plain text file in order to share them among multiple installations of Tripwire Manager. Do not hand-edit these files.

To export launch commands:

1. Select Launch > Export Launch Commands. The Save dialog box opens.

2. Choose a destination file name.

3. Click Save.

Importing Launch Commands

Launch Contexts

The launch context setting determines when you can execute the Launch Command and what information it can pass to an external application. Tripwire Manager can also execute Launch Commands as notifications.

Launch Commands

You can execute a Launch Command when the conditions for that command's Launch Context are fulfilled. Each Launch Context provides a set of parameters that the launch command can pass to an external application.

More than one launch context can be active at the same time. For example, when the report viewer is active and a report is selected, this fulfills the conditions for the following launch contexts:

• Global Context (because Global Context always applies)

• Report List Context (because the report viewer is active)

• Report Context (because the report viewer is active and a report is selected)

Launch Context  Conditions

Global  Always available

Machine List  One or more machines is selected in the machine window

Report List  Reports are open for viewing or for database update

Report  Report viewer or Database Update window is active and a report, or item under a report is selected

Update Database  Database Update window is active

Rule Block  Report viewer or Database Update window is open and the reports tab, and rule block or violation is selected

Violation  Report viewer or Database Update window is active and

Global Context

You can execute a launch command with global context at any time. Global context supports the following parameters:

%M This parameter is replaced by the HTML code that is a current manager report.

%T This parameter is replaced by the full path to a temporary file containing an HTML file that is a current manager report generated when the launch command is executed. Tripwire Manager does not remove these files when it exits, so you must remove them manually.

%U Name of user under which Tripwire Manager process is currently running.

Machine List Context

You can execute a launch command with machine context when you have selected one or more machines in the Machine window.

Note that %m* executes the launch or e-mail command once for each selected machine.

Machine list context supports the following parameters:

%c This parameter is replaced by the number of selected machines, expressed as a decimal integer without punctuation.

%G This parameter is replaced by the name of a file containing the group/machineName list.

%g This parameter is replaced by a group/machineName list.

%I This parameter is replaced by a file containing machine IP list.

%i This parameter is replaced by a newline-delimited list of the IP addresses of the selected machines.

%m*.X This parameter is replaced by the value of the machine detail specified by X.

%n This parameter is replaced by a newline-delimited list of the names of the selected machines. The order of the names is not guaranteed, but the names will always be listed in the same order as the IP addresses of the selected machines as represented by the %i parameter.

%N This parameter is replaced by a temporary file name containing a list of machines that are selected, down, or have new integrity data

Report List Context

You can execute a launch command with report list context when the report viewer or Database Update window is active.

Report list context supports the following parameters:

Note that when level 1,2,3, or 4 reports are concatenated, each report in the concatenation starts with a level zero report as a header.

%Ln (n=0..4) This parameter is replaced by the concatenated text of all reports displayed, which can otherwise be too large. The parameter name must be followed by an integer from zero (0) to four (4) that indicates the level of reports to be generated. For example “%L2” would be replaced by the text of all level 2 reports for the displayed reports.

%Fn (n=0..4) This parameter is replaced by the name of a temporary file containing the concatenated text of all reports generated from the displayed reports. The parameter name must be followed by an integer from zero (0) to four (4) that indicates the level of reports to be generated. For example “%F2” would be replaced by the name of a temporary file containing the text of all level 2 reports.

Report Context

You can execute a launch command with report context when the report viewer or Database Update window is active and a report, or item under a report is selected in the window.

Report context supports the following parameters:

%rL (L=0..4) This parameter is replaced by the text of a report generated from the selected report. The parameter name must be followed by an integer from zero (0) to four (4) that indicates the level of report to be generated. For example “%r2” would be replaced by the text of a level 2 report.

%tL (L=0..4) This parameter is replaced by the name of a temporary file containing the text of a report generated from the given report. The parameter name must be followed by an integer from zero (0) to four (4) that indicates the level of report to be generated. For example “%t2” would be replaced by the name of a temporary file containing the text of a level 2 report.

%R.X This parameter is replaced by the value of the report detail specified by X, which can otherwise be too large.

%S This parameter is replaced by the name of the machine on which the report was generated.

Rule Block Context

You can execute a launch command with rule block context when the report viewer or Database Update window is open, the reports tab is visible, and a rule block or violation is selected.

Rule context supports the following parameters:

%B.X These parameters are replaced by rule block information as given by X.

Update Database Context

You can use update database context to specify a Tripwire Manager context which is active when the Manager displays a Database Update window.

Update Database context supports the following parameters:

%Fni (n=0..4) This parameter is replaced by the name of a temporary file that contains a level n report containing information on elements included for update

%Fne (n=0..4) This parameter is replaced by the name of a temporary file that contains a level n report containing information on elements excluded from the update

%Lni (n=0..4) This parameter is replaced by the concatenation of level n reports containing information on elements included for update

%Lne (n=0..4) This parameter is replaced by the concatenation of level n reports containing information on elements excluded from the update

%S This parameter is replaced by the name of the machine

Violation Context

You can execute a launch command with violation context when the report viewer or Database Update window is active and a violation is selected in the window.

Violation context supports the following parameters:

%V.X This parameter is replaced by the value of the violation detail specified by X.

Launch Command Parameters

When Tripwire Manager encounters parameters within a Launch Context that is valid for that parameter, it replaces them with a value. When Tripwire Manager encounters parameters outside their legal Launch Contexts, it evaluates them instead of replacing them with a value. Some parameters produce values that contain spaces, new lines, quotes, etc. Though these values work in the body of an e-mail, values containing these characters may affect command line option behavior and in some cases the subject line of an e-mail.

In some cases, %r0 for example, you may wish to pass a parameter's values as a single command line option (by quoting the parameter specification) or as a set of values (by not quoting the parameter specification). This depends upon what the command line script is expecting.

Microsoft Outlook may wrap parameter values delimited by newlines. Set Outlook menu item Format > Unwrap Text to see the correct representation of a multi-line value as generated by Tripwire.

Parameters with numeric values, for example %m*.v (violation count), may return a question mark (?) if Tripwire Manager cannot determine the value. That is, when Tripwire Manager's Machines would display an ellipsis (...).
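The following is an added example, not part of the Tripwire documentation: a Python handler for the receiving end of a command line Launch Command, assuming the command is configured as `handler.py "%c" "%n" "%i"` (the script name and function names are hypothetical). It shows why quoting matters: each multi-line value must arrive as a single argument, the %n and %i lists are paired by position, a "?" count is tolerated, and every address is validated before it is handed to anything else.

```python
import ipaddress
import sys

def parse_count(raw):
    """%c is a decimal integer; numeric parameters may come back as '?'."""
    raw = raw.strip()
    if raw == "?":
        return None  # Tripwire Manager could not determine the value
    if not raw.isdigit():
        raise ValueError(f"unexpected count value: {raw!r}")
    return int(raw)

def split_lines(raw):
    """Split a newline-delimited value, tolerating CRLF and blank lines."""
    return [ln.strip() for ln in raw.splitlines() if ln.strip()]

def pair_machines(count_raw, names_raw, ips_raw):
    """Return [(name, ip)] from quoted %c, %n and %i values, or raise ValueError."""
    count = parse_count(count_raw)
    names = split_lines(names_raw)
    ips = split_lines(ips_raw)
    if len(names) != len(ips):
        raise ValueError(f"{len(names)} names but {len(ips)} addresses")
    if count is not None and count != len(names):
        raise ValueError(f"%c says {count}, list has {len(names)} entries")
    pairs = []
    for name, ip in zip(names, ips):
        # Accept only literal IP addresses; ip_address() raises ValueError
        # on anything else, so stray text never reaches a downstream tool.
        pairs.append((name, str(ipaddress.ip_address(ip))))
    return pairs

if __name__ == "__main__":
    # Assumed launch command line: handler.py "%c" "%n" "%i"
    # If a parameter is left unquoted, its value is split into several
    # arguments and the argument count check below fails.
    if len(sys.argv) != 4:
        sys.exit("usage: handler.py COUNT NAMES IPS (each quoted as one argument)")
    try:
        for name, ip in pair_machines(*sys.argv[1:4]):
            print(f"{name}\t{ip}")
    except ValueError as exc:
        sys.exit(f"rejected launch command input: {exc}")
```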

Launch Command Parameter List

The tables on the following pages contain an alphabetical reference to parameters. Use the following key to understand the abbreviations in those tables:

G - Global

ML - Machine List

RL - Report List

UD - Update Database

R - Report

V - Violations

RB - Rule Block

Param  Description  Context  Use (Command Line, E-mail subject, E-mail body)

%B.a  the added object count  RB  x x x

%B.c  the changed object count  RB  x x x

%B.e  the number of errors  RB  x x x

%B.m  the e-mail address list of this rule block  RB  x

%B.M  name of a temporary file of the list of e-mail addresses  RB  x x x

%B.n  the name of the rule block  RB  x x x

%B.o  list of objects under the currently selected rule block  RB  x

%B.O  name of a temporary file of a list of the objects under currently selected rule block  RB  x x x

%B.r  the removed object count  RB  x x x

%B.v  the number of violations in the rule block  RB  x x x

%B.x  the rule block severity  RB  x x x

%c  the number of selected machines  ML  x x x

%F0  name of temporary file containing concatenation of level 0 reports  RL  x x x

%F0e  name of temporary file containing concatenation of level 0 reports, excluding selected violations

%F1  name of temporary file containing concatenation of level 1 reports  RL  x x x

%F1e  name of temporary file containing concatenation of level 1 reports, excluding selected violations  UD  x x x

%F1i  name of temporary file containing concatenation of level 1 reports, including selected violations  UD  x x x

%F2  name of temporary file containing concatenation of level 2 reports  RL  x x x

%F2e  name of temporary file containing concatenation of level 2 reports, excluding selected violations  UD  x x x

%F2i  name of temporary file containing concatenation of level 2 reports, including selected violations  UD  x x x

%F3  name of temporary file containing concatenation of level 3 reports  RL  x x x

%F3e  name of temporary file containing concatenation of level 3 reports, excluding selected violations  UD  x x x

%F3i  name of temporary file containing concatenation of level 3 reports, including selected violations  UD  x x x

%F4  name of temporary file containing concatenation of level 4 reports  RL  x x x

%F4e  name of temporary file containing concatenation of level 4 reports, excluding selected violations  UD  x x x

%F4i  name of temporary file containing concatenation of level 4 reports, including selected violations  UD  x x x

%g  group/machineName list  ML  x
