1TWADMIN(8)                  System Manager's Manual                 TWADMIN(8)
2
3
4

NAME

6       twadmin - Tripwire administrative and utility tool
7

SYNOPSIS

9       twadmin { -m F | --create-cfgfile }  options...
10            configfile.txt
11       twadmin { -m f | --print-cfgfile } [ options... ]
12       twadmin { -m P | --create-polfile } [ options... ]
13            policyfile.txt
14       twadmin { -m p | --print-polfile } [ options... ]
15       twadmin { -m R | --remove-encryption } [ options... ]
16            file1 [ file2... ]
17       twadmin { -m E | --encrypt } [ options... ]
18            file1 [ file2... ]
19       twadmin { -m e | --examine } [ options... ]
20            file1 [ file2... ]
21       twadmin { -m G | --generate-keys } options...
22

DESCRIPTION

24       The twadmin utility is used to perform certain administrative functions
25       related to Tripwire files and configuration options.  Specifically,
26       twadmin allows encoding, decoding, signing, and verification of Trip‐
27       wire files, and provides a means to generate and change local and site
28       keys.
29
30   Creating a configuration file (--create-cfgfile)
31       This command mode designates an existing text file as the new configu‐
32       ration file for Tripwire.  The plain text configuration file must be
33       specified on the command line.  Using the site key, the new configura‐
34       tion file is encoded and saved.
35
36   Printing a configuration file (--print-cfgfile)
37       This command mode prints the specified encoded and signed configuration
38       file in clear-text form to standard output.
39
40   Replacing a policy file (--create-polfile)
41       This command mode designates an existing text file as the new policy
42       file for Tripwire.  The plain text policy file must be specified on the
43       command line.  Using the site key, the new policy file is encoded and
44       saved.
45
46   Printing a policy file (--print-polfile)
47       This command mode prints the specified encoded and signed policy file
48       in clear-text form to standard output.
49
50   Removing encryption from a file (--remove-encryption)
51       This command mode allows the user to remove signing from signed config‐
52       uration, policy, database, or report files.  Multiple files may be
53       specified on the command line. The user will need to enter the appro‐
54       priate local or site keyfile, or both if a combination of files is to
55       be verified. Even with the cryptographic signing removed, these files
56       will be in a binary encoded (non-human-readable) form.
57
58   Encrypting a file (--encrypt)
59       This command mode allows the user to sign configuration, policy, data‐
60       base files, or reports.  Multiple files may be specified on the command
61       line.  The files will be signed using either the site or local key, as
62       appropriate for the type of file.  To automate the process, the
63       passphrase for the key files can be included on the command line.
64
65   Examining the signing status of a file (‐‐examine)
66       This command allows the user to examine the listed files and print a
67       report of their signing status.  This report displays the filename,
68       file type, whether or not a file is signed, and what key (if any) is
69       used to sign it.
70
71   Generating keys (--generate-keys)
72       This command mode generates site and/or local key files with names
73       specified by the user.
74

OPTIONS

76   Creating a configuration file:
77           -m F            --create-cfgfile
78           -v              --verbose
79           -s              --silent, --quiet
80           -c cfgfile      --cfgfile cfgfile
81           -S sitekey      --site-keyfile sitekey
82           -Q passphrase   --site-passphrase passphrase
83           -e              --no-encryption
84           configfile.txt
85
86       ‐m F, --create-cfgfile
87              Mode selector.
88
89       ‐v, --verbose
90              Verbose output mode.  Mutually exclusive with (‐s).
91
92       ‐s, --silent, --quiet
93              Silent output mode.  Mutually exclusive with (‐v).
94
95       ‐c cfgfile, --cfgfile cfgfile
96              Specify the destination of the encoded (and optionally signed)
97              configuration file.
98
99       ‐S sitekey, --site-keyfile sitekey
100              Use the specified site key file to encode and sign the new con‐
101              figuration file.  Exactly one of (‐S) or (‐e) must be specified.
102
103       ‐Q passphrase, --site-passphrase passphrase
104              Specifies passphrase to be used with site key for configuration
105              file encoding and signing.  Valid only in conjunction with (‐S).
106
107       ‐e, --no-encryption
108              Do not sign the configuration file being stored.  The configura‐
109              tion file will still be compressed, and will not be human-read‐
110              able.  Mutually exclusive with (‐Q) and (‐S).
111
112       configfile.txt
113              Specifies the text configuration file that will become the new
114              configuration file.
115
116______________________________________________________________________________
117
118   Printing a configuration file:
119           -m f           --print-cfgfile
120           -v             --verbose
121           -s             --silent, --quiet
122           -c cfgfile     --cfgfile cfgfile
123
124       ‐m f, --print-cfgfile
125              Mode selector.
126
127       ‐v, --verbose
128              Verbose output mode.  Mutually exclusive with (‐s).
129
130       ‐s, --silent, --quiet
131              Silent output mode.  Mutually exclusive with (‐v).
132
133       ‐c cfgfile, --cfgfile cfgfile
134              Print the specified configuration file.
135
136______________________________________________________________________________
137
138   Creating a policy file:
139           -m P            --create-polfile
140           -v              --verbose
141           -s              --silent, --quiet
142           -c cfgfile      --cfgfile cfgfile
143           -p polfile      --polfile polfile
144           -S sitekey      --site-keyfile sitekey
145           -Q passphrase   --site-passphrase passphrase
146           -e              --no-encryption
147           policyfile.txt
148
149       ‐m P, --create-polfile
150              Mode selector.
151
152       ‐v, --verbose
153              Verbose output mode. Mutually exclusive with (‐s).
154
155       ‐s, --silent, --quiet
156              Silent output mode.  Mutually exclusive with (‐v).
157
158       ‐c cfgfile, --cfgfile cfgfile
159              Use the specified configuration file.
160
161       ‐p polfile, --polfile polfile
162              Specify the destination of the encoded (and optionally signed)
163              policy file.
164
165       ‐S sitekey, --site-keyfile sitekey
166              Use the specified site key file.  Mutually exclusive with (‐e).
167
168       ‐Q passphrase, --site-passphrase passphrase
169              Specifies passphrase to be used with site key for policy sign‐
170              ing.  Mutually exclusive with (‐e).
171
172       ‐e, --no-encryption
173              Do not sign the policy file being stored.  The policy file will
174              still be compressed, and will not be human-readable.  Mutually
175              exclusive with (‐Q) and (‐S).
176
177       policyfile.txt
178              Specifies the text policy file that will become the new policy
179              file.
180
181______________________________________________________________________________
182
183   Printing a policy file:
184           -m p           --print-polfile
185           -v             --verbose
186           -s             --silent, --quiet
187           -c cfgfile     --cfgfile cfgfile
188           -p polfile     --polfile polfile
189           -S sitekey     --site-keyfile sitekey
190
191       ‐m p, --print-polfile
192              Mode selector.
193
194       ‐v, --verbose
195              Verbose output mode.  Mutually exclusive with (‐s).
196
197       ‐s, --silent, --quiet
198              Silent output mode.  Mutually exclusive with (‐v).
199
200       ‐c cfgfile, --cfgfile cfgfile
201              Use the specified configuration file.
202
203       ‐p polfile, --polfile polfile
204              Print the specified policy file.
205
206       ‐S sitekey, --site-keyfile sitekey
207              Use the specified site key file.
208
209______________________________________________________________________________
210
211   Removing encryption from a file:
212           -m R            --remove-encryption
213           -v              --verbose
214           -s              --silent, --quiet
215           -c cfgfile      --cfgfile cfgfile
216           -L localkey     --local-keyfile localkey
217           -S sitekey      --site-keyfile sitekey
218           -P passphrase   --local-passphrase passphrase
219           -Q passphrase   --site-passphrase passphrase
220           file1 [ file2... ]
221
222       ‐m R, --remove-encryption
223              Mode selector.
224
225       ‐v, --verbose
226              Verbose output mode.  Mutually exclusive with (‐s).
227
228       ‐s, --silent, --quiet
229              Silent output mode.  Mutually exclusive with (‐v).
230
231       ‐c cfgfile, --cfgfile cfgfile
232              Use the specified configuration file.
233
234       ‐L localkey, --local-keyfile localkey
235              Specify the local keyfile to use to verify database files and
236              reports.
237
238       ‐S sitekey, --site-keyfile sitekey
239              Specify the site keyfile to use to verify configuration and pol‐
240              icy files.
241
242       ‐P passphrase, --local-passphrase passphrase
243              Specify the passphrase to use when verifying with the old local
244              keyfile.
245
246       ‐Q passphrase, --site-passphrase passphrase
247              Specify the passphrase to use when verifying with the old site
248              keyfile.
249
250       file1 [ file2... ]
251              List of files from which signing is to be removed.
252
253______________________________________________________________________________
254
255   Encrypting a file:
256           -m E            --encrypt
257           -v              --verbose
258           -s              --silent, --quiet
259           -c cfgfile      --cfgfile cfgfile
260           -L localkey     --local-keyfile localkey
261           -S sitekey      --site-keyfile sitekey
262           -P passphrase   --local-passphrase passphrase
263           -Q passphrase   --site-passphrase passphrase
264           file1 [ file2... ]
265
266       ‐m E, --encrypt
267              Mode selector.
268
269       ‐v, --verbose
270              Verbose output mode.  Mutually exclusive with (‐s).
271
272       ‐s, --silent, --quiet
273              Silent output mode.  Mutually exclusive with (‐v).
274
275       ‐c cfgfile, --cfgfile cfgfile
276              Use the specified configuration file.
277
278       ‐L localkey, --local-keyfile localkey
279              Specify the local keyfile to use to sign database files and re‐
280              ports.
281
282       ‐S sitekey, --site-keyfile sitekey
283              Specify the site keyfile to use to sign configuration and policy
284              files.
285
286       ‐P passphrase, --local-passphrase passphrase
287              Specify the passphrase to use when signing with the local key‐
288              file.
289
290       ‐Q passphrase, --site-passphrase passphrase
291              Specify the passphrase to use when signing with the site key‐
292              file.
293
294       file1 [ file2... ]
295              List of files to sign using the new key(s).
296
297______________________________________________________________________________
298
299   Examining the encryption status of a file:
300           -m e           --examine
301           -v             --verbose
302           -s             --silent, --quiet
303           -c cfgfile     --cfgfile cfgfile
304           -L localkey    --local-keyfile localkey
305           -S sitekey     --site-keyfile sitekey
306           file1 [ file2... ]
307
308       ‐m e, --examine
309              Mode selector.
310
311       ‐v, --verbose
312              Verbose output mode.  Mutually exclusive with (‐s).
313
314       ‐s, --silent, --quiet
315              Silent output mode.  Mutually exclusive with (‐v).
316
317       ‐c cfgfile, --cfgfile cfgfile
318              Use the specified configuration file.
319
320       ‐L localkey, --local-keyfile localkey
321              Specifies the key to use as a local key.
322
323       ‐S sitekey, --site-keyfile sitekey
324              Specifies the key to use as a site key.
325
326       file1 [ file2... ]
327              List of files to examine.
328
329______________________________________________________________________________
330
331   Generating keys:
332           -m G            --generate-keys
333           -v              --verbose
334           -s              --silent, --quiet
335           -L localkey     --local-keyfile localkey
336           -S sitekey      --site-keyfile sitekey
337           -P passphrase   --local-passphrase passphrase
338           -Q passphrase   --site-passphrase passphrase
339
340       ‐m G, --generate-keys
341              Mode selector.
342
343       ‐v, --verbose
344              Verbose output mode.  Mutually exclusive with (‐s).
345
346       ‐s, --silent, --quiet
347              Silent output mode.  Mutually exclusive with (‐v).
348
349       ‐L localkey, --local-keyfile localkey
350              Generate the local key into the specified file.  At least one of
351              (‐L) or (‐S) must be specified.
352
353       ‐S sitekey, --site-keyfile sitekey
354              Generate the site key into the specified file.  At least one of
355              (‐S) or (‐L) must be specified.
356
357       ‐P passphrase, --local-passphrase passphrase
358              Specify local passphrase to be used when generating the local
359              key.
360
361       ‐Q passphrase, --site-passphrase passphrase
362              Specify site passphrase to be used when generating the site key.
363

VERSION INFORMATION

365       This man page describes twadmin version 2.4.1.
366

AUTHORS

368       Tripwire, Inc.
369

COPYING PERMISSIONS

371       Permission is granted to make and distribute verbatim copies of this
372       man page provided the copyright notice and this permission notice are
373       preserved on all copies.
374
375       Permission is granted to copy and distribute modified versions of this
376       man page under the conditions for verbatim copying, provided that the
377       entire resulting derived work is distributed under the terms of a per‐
378       mission notice identical to this one.
379
380       Permission is granted to copy and distribute translations of this man
381       page into another language, under the above conditions for modified
382       versions, except that this permission notice may be stated in a trans‐
383       lation approved by Tripwire, Inc.
384
385       Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of
386       Tripwire, Inc. in the United States and other countries. All rights re‐
387       served.
388

SEE ALSO

390       twintro(8), tripwire(8), twprint(8), siggen(8), twconfig(4), twpoli‐
391       cy(4), twfiles(5)
392
393
394
395                                  1 July 2000                       TWADMIN(8)
Impressum