1TWADMIN(8) System Manager's Manual TWADMIN(8)
2
3
4
6 twadmin - Tripwire administrative and utility tool
7
9 twadmin { -m F | --create-cfgfile } options...
10 configfile.txt
11 twadmin { -m f | --print-cfgfile } [ options... ]
12 twadmin { -m P | --create-polfile } [ options... ]
13 policyfile.txt
14 twadmin { -m p | --print-polfile } [ options... ]
15 twadmin { -m R | --remove-encryption } [ options... ]
16 file1 [ file2... ]
17 twadmin { -m E | --encrypt } [ options... ]
18 file1 [ file2... ]
19 twadmin { -m e | --examine } [ options... ]
20 file1 [ file2... ]
21 twadmin { -m G | --generate-keys } options...
22
24 The twadmin utility is used to perform certain administrative functions
25 related to Tripwire files and configuration options. Specifically,
26 twadmin allows encoding, decoding, signing, and verification of Trip‐
27 wire files, and provides a means to generate and change local and site
28 keys.
29
30 Creating a configuration file (--create-cfgfile)
31 This command mode designates an existing text file as the new configu‐
32 ration file for Tripwire. The plain text configuration file must be
33 specified on the command line. Using the site key, the new configura‐
34 tion file is encoded and saved.
35
36 Printing a configuration file (--print-cfgfile)
37 This command mode prints the specified encoded and signed configuration
38 file in clear-text form to standard output.
39
40 Replacing a policy file (--create-polfile)
41 This command mode designates an existing text file as the new policy
42 file for Tripwire. The plain text policy file must be specified on the
43 command line. Using the site key, the new policy file is encoded and
44 saved.
45
46 Printing a policy file (--print-polfile)
47 This command mode prints the specified encoded and signed policy file
48 in clear-text form to standard output.
49
50 Removing encryption from a file (--remove-encryption)
51 This command mode allows the user to remove signing from signed config‐
52 uration, policy, database, or report files. Multiple files may be
53 specified on the command line. The user will need to enter the appro‐
54 priate local or site keyfile, or both if a combination of files is to
55 be verified. Even with the cryptographic signing removed, these files
56 will be in a binary encoded (non-human-readable) form.
57
58 Encrypting a file (--encrypt)
59 This command mode allows the user to sign configuration, policy, data‐
60 base files, or reports. Multiple files may be specified on the command
61 line. The files will be signed using either the site or local key, as
62 appropriate for the type of file. To automate the process, the
63 passphrase for the key files can be included on the command line.
64
65 Examining the signing status of a file (‐‐examine)
66 This command allows the user to examine the listed files and print a
67 report of their signing status. This report displays the filename,
68 file type, whether or not a file is signed, and what key (if any) is
69 used to sign it.
70
71 Generating keys (--generate-keys)
72 This command mode generates site and/or local key files with names
73 specified by the user.
74
76 Creating a configuration file:
77 -m F --create-cfgfile
78 -v --verbose
79 -s --silent, --quiet
80 -c cfgfile --cfgfile cfgfile
81 -S sitekey --site-keyfile sitekey
82 -Q passphrase --site-passphrase passphrase
83 -e --no-encryption
84 configfile.txt
85
86 ‐m F, --create-cfgfile
87 Mode selector.
88
89 ‐v, --verbose
90 Verbose output mode. Mutually exclusive with (‐s).
91
92 ‐s, --silent, --quiet
93 Silent output mode. Mutually exclusive with (‐v).
94
95 ‐c cfgfile, --cfgfile cfgfile
96 Specify the destination of the encoded (and optionally signed)
97 configuration file.
98
99 ‐S sitekey, --site-keyfile sitekey
100 Use the specified site key file to encode and sign the new con‐
101 figuration file. Exactly one of (‐S) or (‐e) must be specified.
102
103 ‐Q passphrase, --site-passphrase passphrase
104 Specifies passphrase to be used with site key for configuration
105 file encoding and signing. Valid only in conjunction with (‐S).
106
107 ‐e, --no-encryption
108 Do not sign the configuration file being stored. The configura‐
109 tion file will still be compressed, and will not be human-read‐
110 able. Mutually exclusive with (‐Q) and (‐S).
111
112 configfile.txt
113 Specifies the text configuration file that will become the new
114 configuration file.
115
116______________________________________________________________________________
117
118 Printing a configuration file:
119 -m f --print-cfgfile
120 -v --verbose
121 -s --silent, --quiet
122 -c cfgfile --cfgfile cfgfile
123
124 ‐m f, --print-cfgfile
125 Mode selector.
126
127 ‐v, --verbose
128 Verbose output mode. Mutually exclusive with (‐s).
129
130 ‐s, --silent, --quiet
131 Silent output mode. Mutually exclusive with (‐v).
132
133 ‐c cfgfile, --cfgfile cfgfile
134 Print the specified configuration file.
135
136______________________________________________________________________________
137
138 Creating a policy file:
139 -m P --create-polfile
140 -v --verbose
141 -s --silent, --quiet
142 -c cfgfile --cfgfile cfgfile
143 -p polfile --polfile polfile
144 -S sitekey --site-keyfile sitekey
145 -Q passphrase --site-passphrase passphrase
146 -e --no-encryption
147 policyfile.txt
148
149 ‐m P, --create-polfile
150 Mode selector.
151
152 ‐v, --verbose
153 Verbose output mode. Mutually exclusive with (‐s).
154
155 ‐s, --silent, --quiet
156 Silent output mode. Mutually exclusive with (‐v).
157
158 ‐c cfgfile, --cfgfile cfgfile
159 Use the specified configuration file.
160
161 ‐p polfile, --polfile polfile
162 Specify the destination of the encoded (and optionally signed)
163 policy file.
164
165 ‐S sitekey, --site-keyfile sitekey
166 Use the specified site key file. Mutually exclusive with (‐e).
167
168 ‐Q passphrase, --site-passphrase passphrase
169 Specifies passphrase to be used with site key for policy sign‐
170 ing. Mutually exclusive with (‐e).
171
172 ‐e, --no-encryption
173 Do not sign the policy file being stored. The policy file will
174 still be compressed, and will not be human-readable. Mutually
175 exclusive with (‐Q) and (‐S).
176
177 policyfile.txt
178 Specifies the text policy file that will become the new policy
179 file.
180
181______________________________________________________________________________
182
183 Printing a policy file:
184 -m p --print-polfile
185 -v --verbose
186 -s --silent, --quiet
187 -c cfgfile --cfgfile cfgfile
188 -p polfile --polfile polfile
189 -S sitekey --site-keyfile sitekey
190
191 ‐m p, --print-polfile
192 Mode selector.
193
194 ‐v, --verbose
195 Verbose output mode. Mutually exclusive with (‐s).
196
197 ‐s, --silent, --quiet
198 Silent output mode. Mutually exclusive with (‐v).
199
200 ‐c cfgfile, --cfgfile cfgfile
201 Use the specified configuration file.
202
203 ‐p polfile, --polfile polfile
204 Print the specified policy file.
205
206 ‐S sitekey, --site-keyfile sitekey
207 Use the specified site key file.
208
209______________________________________________________________________________
210
211 Removing encryption from a file:
212 -m R --remove-encryption
213 -v --verbose
214 -s --silent, --quiet
215 -c cfgfile --cfgfile cfgfile
216 -L localkey --local-keyfile localkey
217 -S sitekey --site-keyfile sitekey
218 -P passphrase --local-passphrase passphrase
219 -Q passphrase --site-passphrase passphrase
220 file1 [ file2... ]
221
222 ‐m R, --remove-encryption
223 Mode selector.
224
225 ‐v, --verbose
226 Verbose output mode. Mutually exclusive with (‐s).
227
228 ‐s, --silent, --quiet
229 Silent output mode. Mutually exclusive with (‐v).
230
231 ‐c cfgfile, --cfgfile cfgfile
232 Use the specified configuration file.
233
234 ‐L localkey, --local-keyfile localkey
235 Specify the local keyfile to use to verify database files and
236 reports.
237
238 ‐S sitekey, --site-keyfile sitekey
239 Specify the site keyfile to use to verify configuration and pol‐
240 icy files.
241
242 ‐P passphrase, --local-passphrase passphrase
243 Specify the passphrase to use when verifying with the old local
244 keyfile.
245
246 ‐Q passphrase, --site-passphrase passphrase
247 Specify the passphrase to use when verifying with the old site
248 keyfile.
249
250 file1 [ file2... ]
251 List of files from which signing is to be removed.
252
253______________________________________________________________________________
254
255 Encrypting a file:
256 -m E --encrypt
257 -v --verbose
258 -s --silent, --quiet
259 -c cfgfile --cfgfile cfgfile
260 -L localkey --local-keyfile localkey
261 -S sitekey --site-keyfile sitekey
262 -P passphrase --local-passphrase passphrase
263 -Q passphrase --site-passphrase passphrase
264 file1 [ file2... ]
265
266 ‐m E, --encrypt
267 Mode selector.
268
269 ‐v, --verbose
270 Verbose output mode. Mutually exclusive with (‐s).
271
272 ‐s, --silent, --quiet
273 Silent output mode. Mutually exclusive with (‐v).
274
275 ‐c cfgfile, --cfgfile cfgfile
276 Use the specified configuration file.
277
278 ‐L localkey, --local-keyfile localkey
279 Specify the local keyfile to use to sign database files and re‐
280 ports.
281
282 ‐S sitekey, --site-keyfile sitekey
283 Specify the site keyfile to use to sign configuration and policy
284 files.
285
286 ‐P passphrase, --local-passphrase passphrase
287 Specify the passphrase to use when signing with the local key‐
288 file.
289
290 ‐Q passphrase, --site-passphrase passphrase
291 Specify the passphrase to use when signing with the site key‐
292 file.
293
294 file1 [ file2... ]
295 List of files to sign using the new key(s).
296
297______________________________________________________________________________
298
299 Examining the encryption status of a file:
300 -m e --examine
301 -v --verbose
302 -s --silent, --quiet
303 -c cfgfile --cfgfile cfgfile
304 -L localkey --local-keyfile localkey
305 -S sitekey --site-keyfile sitekey
306 file1 [ file2... ]
307
308 ‐m e, --examine
309 Mode selector.
310
311 ‐v, --verbose
312 Verbose output mode. Mutually exclusive with (‐s).
313
314 ‐s, --silent, --quiet
315 Silent output mode. Mutually exclusive with (‐v).
316
317 ‐c cfgfile, --cfgfile cfgfile
318 Use the specified configuration file.
319
320 ‐L localkey, --local-keyfile localkey
321 Specifies the key to use as a local key.
322
323 ‐S sitekey, --site-keyfile sitekey
324 Specifies the key to use as a site key.
325
326 file1 [ file2... ]
327 List of files to examine.
328
329______________________________________________________________________________
330
331 Generating keys:
332 -m G --generate-keys
333 -v --verbose
334 -s --silent, --quiet
335 -L localkey --local-keyfile localkey
336 -S sitekey --site-keyfile sitekey
337 -P passphrase --local-passphrase passphrase
338 -Q passphrase --site-passphrase passphrase
339
340 ‐m G, --generate-keys
341 Mode selector.
342
343 ‐v, --verbose
344 Verbose output mode. Mutually exclusive with (‐s).
345
346 ‐s, --silent, --quiet
347 Silent output mode. Mutually exclusive with (‐v).
348
349 ‐L localkey, --local-keyfile localkey
350 Generate the local key into the specified file. At least one of
351 (‐L) or (‐S) must be specified.
352
353 ‐S sitekey, --site-keyfile sitekey
354 Generate the site key into the specified file. At least one of
355 (‐S) or (‐L) must be specified.
356
357 ‐P passphrase, --local-passphrase passphrase
358 Specify local passphrase to be used when generating the local
359 key.
360
361 ‐Q passphrase, --site-passphrase passphrase
362 Specify site passphrase to be used when generating the site key.
363
365 This man page describes twadmin version 2.4.1.
366
368 Tripwire, Inc.
369
371 Permission is granted to make and distribute verbatim copies of this
372 man page provided the copyright notice and this permission notice are
373 preserved on all copies.
374
375 Permission is granted to copy and distribute modified versions of this
376 man page under the conditions for verbatim copying, provided that the
377 entire resulting derived work is distributed under the terms of a per‐
378 mission notice identical to this one.
379
380 Permission is granted to copy and distribute translations of this man
381 page into another language, under the above conditions for modified
382 versions, except that this permission notice may be stated in a trans‐
383 lation approved by Tripwire, Inc.
384
385 Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of
386 Tripwire, Inc. in the United States and other countries. All rights re‐
387 served.
388
390 twintro(8), tripwire(8), twprint(8), siggen(8), twconfig(4), twpoli‐
391 cy(4), twfiles(5)
392
393
394
395 1 July 2000 TWADMIN(8)