8.2.5_syslog-ng_remote_host.sh 8.2.6_remote_syslog-ng_acl.sh 8.3.1_install_tripwire.sh

2025-06-22 02:33:42 +02:00 · 2016-04-14 22:47:34 +02:00
parent f0bff32503
commit d373b6f937
10 changed files with 184 additions and 12 deletions
--- a/bin/postinstall/tripwire.sh
+++ b/bin/postinstall/tripwire.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+# If you followed this CIS hardenning, this script follows 8.3.1_install_tripwire.sh
+# After installing tripwire, you may want to run those few commented commands to make it fully functionnal
+
+echo "Generating Site key file..."
+twadmin -m G -S /etc/tripwire/site.key # Generates Site key file
+echo "Generating Local key file..."
+twadmin -m G -S /etc/tripwire/$(hostname -f)-local.key # Generate local key file
+echo "Generating encrypted policy..."
+twadmin -m P /etc/tripwire/twpol.txt # Apply new policy with generated site key file
+echo "Generating Local database with newly created key..."
+/usr/sbin/twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt # Init database with generated local key file
+echo "Testing tripwire database update"
+tripwire -m i # Test configuration update
+~