TWADMIN(8) System Manager's Manual TWADMIN(8)

twadmin - Tripwire administrative and utility tool

twadmin { -m F | --create-cfgfile } options...
        configfile.txt
twadmin { -m f | --print-cfgfile } [ options... ]
twadmin { -m P | --create-polfile } [ options... ]
        policyfile.txt
twadmin { -m p | --print-polfile } [ options... ]
twadmin { -m R | --remove-encryption } [ options... ]
        file1 [ file2... ]
twadmin { -m E | --encrypt } [ options... ]
        file1 [ file2... ]
twadmin { -m e | --examine } [ options... ]
        file1 [ file2... ]
twadmin { -m G | --generate-keys } options...
twadmin { -m C | --change-passphrases } options...

The twadmin utility is used to perform certain administrative functions
related to Tripwire files and configuration options. Specifically,
twadmin allows encoding, decoding, signing, and verification of Tripwire
files, and provides a means to generate and change local and site keys.

Creating a configuration file (--create-cfgfile)
This command mode designates an existing text file as the new
configuration file for Tripwire. The plain text configuration file must
be specified on the command line. Using the site key, the new
configuration file is encoded and saved.

Printing a configuration file (--print-cfgfile)
This command mode prints the specified encoded and signed configuration
file in clear-text form to standard output.

Replacing a policy file (--create-polfile)
This command mode designates an existing text file as the new policy
file for Tripwire. The plain text policy file must be specified on the
command line. Using the site key, the new policy file is encoded and
saved.

Printing a policy file (--print-polfile)
This command mode prints the specified encoded and signed policy file
in clear-text form to standard output.

Removing encryption from a file (--remove-encryption)
This command mode allows the user to remove signing from signed
configuration, policy, database, or report files. Multiple files may be
specified on the command line. The user will need to enter the
appropriate local or site keyfile, or both if a combination of files is
to be verified. Even with the cryptographic signing removed, these files
will be in a binary encoded (non-human-readable) form.

Encrypting a file (--encrypt)
This command mode allows the user to sign configuration, policy,
database files, or reports. Multiple files may be specified on the
command line. The files will be signed using either the site or local
key, as appropriate for the type of file. To automate the process, the
passphrase for the key files can be included on the command line.

Examining the signing status of a file (--examine)
This command allows the user to examine the listed files and print a
report of their signing status. This report displays the filename,
file type, whether or not a file is signed, and what key (if any) is
used to sign it.

Generating keys (--generate-keys)
This command mode generates site and/or local key files with names
specified by the user.

Changing passphrases (--change-passphrases)
This command reencrypts the private part of the site and/or local key
files using the key filenames and passphrases specified by the user.

Creating a configuration file:
    -m F             --create-cfgfile
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile
    -S sitekey       --site-keyfile sitekey
    -Q passphrase    --site-passphrase passphrase
    -e               --no-encryption
    configfile.txt

-m F, --create-cfgfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Specify the destination of the encoded (and optionally signed)
    configuration file.

-S sitekey, --site-keyfile sitekey
    Use the specified site key file to encode and sign the new
    configuration file. Exactly one of (-S) or (-e) must be specified.

-Q passphrase, --site-passphrase passphrase
    Specifies passphrase to be used with site key for configuration
    file encoding and signing. Valid only in conjunction with (-S).

-e, --no-encryption
    Do not sign the configuration file being stored. The configuration
    file will still be compressed, and will not be human-readable.
    Mutually exclusive with (-Q) and (-S).

configfile.txt
    Specifies the text configuration file that will become the new
    configuration file.

______________________________________________________________________________

Printing a configuration file:
    -m f             --print-cfgfile
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile

-m f, --print-cfgfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Print the specified configuration file.

______________________________________________________________________________

Creating a policy file:
    -m P             --create-polfile
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile
    -p polfile       --polfile polfile
    -S sitekey       --site-keyfile sitekey
    -Q passphrase    --site-passphrase passphrase
    -e               --no-encryption
    policyfile.txt

-m P, --create-polfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-p polfile, --polfile polfile
    Specify the destination of the encoded (and optionally signed)
    policy file.

-S sitekey, --site-keyfile sitekey
    Use the specified site key file. Mutually exclusive with (-e).

-Q passphrase, --site-passphrase passphrase
    Specifies passphrase to be used with site key for policy signing.
    Mutually exclusive with (-e).

-e, --no-encryption
    Do not sign the policy file being stored. The policy file will
    still be compressed, and will not be human-readable. Mutually
    exclusive with (-Q) and (-S).

policyfile.txt
    Specifies the text policy file that will become the new policy
    file.

______________________________________________________________________________

Printing a policy file:
    -m p             --print-polfile
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile
    -p polfile       --polfile polfile
    -S sitekey       --site-keyfile sitekey

-m p, --print-polfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-p polfile, --polfile polfile
    Print the specified policy file.

-S sitekey, --site-keyfile sitekey
    Use the specified site key file.

______________________________________________________________________________

Removing encryption from a file:
    -m R             --remove-encryption
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile
    -L localkey      --local-keyfile localkey
    -S sitekey       --site-keyfile sitekey
    -P passphrase    --local-passphrase passphrase
    -Q passphrase    --site-passphrase passphrase
    file1 [ file2... ]

-m R, --remove-encryption
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-L localkey, --local-keyfile localkey
    Specify the local keyfile to use to verify database files and
    reports.

-S sitekey, --site-keyfile sitekey
    Specify the site keyfile to use to verify configuration and policy
    files.

-P passphrase, --local-passphrase passphrase
    Specify the passphrase to use when verifying with the old local
    keyfile.

-Q passphrase, --site-passphrase passphrase
    Specify the passphrase to use when verifying with the old site
    keyfile.

file1 [ file2... ]
    List of files from which signing is to be removed.

______________________________________________________________________________

Encrypting a file:
    -m E             --encrypt
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile
    -L localkey      --local-keyfile localkey
    -S sitekey       --site-keyfile sitekey
    -P passphrase    --local-passphrase passphrase
    -Q passphrase    --site-passphrase passphrase
    file1 [ file2... ]

-m E, --encrypt
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-L localkey, --local-keyfile localkey
    Specify the local keyfile to use to sign database files and
    reports.

-S sitekey, --site-keyfile sitekey
    Specify the site keyfile to use to sign configuration and policy
    files.

-P passphrase, --local-passphrase passphrase
    Specify the passphrase to use when signing with the local keyfile.

-Q passphrase, --site-passphrase passphrase
    Specify the passphrase to use when signing with the site keyfile.

file1 [ file2... ]
    List of files to sign using the new key(s).

______________________________________________________________________________

Examining the encryption status of a file:
    -m e             --examine
    -v               --verbose
    -s               --silent, --quiet
    -c cfgfile       --cfgfile cfgfile
    -L localkey      --local-keyfile localkey
    -S sitekey       --site-keyfile sitekey
    file1 [ file2... ]

-m e, --examine
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-L localkey, --local-keyfile localkey
    Specifies the key to use as a local key.

-S sitekey, --site-keyfile sitekey
    Specifies the key to use as a site key.

file1 [ file2... ]
    List of files to examine.

______________________________________________________________________________

Generating keys:
    -m G             --generate-keys
    -v               --verbose
    -s               --silent, --quiet
    -L localkey      --local-keyfile localkey
    -S sitekey       --site-keyfile sitekey
    -P passphrase    --local-passphrase passphrase
    -Q passphrase    --site-passphrase passphrase

-m G, --generate-keys
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-L localkey, --local-keyfile localkey
    Generate the local key into the specified file. At least one of
    (-L) or (-S) must be specified.

-S sitekey, --site-keyfile sitekey
    Generate the site key into the specified file. At least one of
    (-S) or (-L) must be specified.

-P passphrase, --local-passphrase passphrase
    Specify local passphrase to be used when generating the local key.

-Q passphrase, --site-passphrase passphrase
    Specify site passphrase to be used when generating the site key.

-K size, --key-size size
    Specify the key size (1024 or 2048 bits) when generating keys.
    (Default is 1024.)

______________________________________________________________________________

Changing passphrases:
    -m C             --change-passphrases
    -v               --verbose
    -s               --silent, --quiet
    -L localkey      --local-keyfile localkey
    -S sitekey       --site-keyfile sitekey
    -P passphrase    --local-passphrase passphrase
    -Q passphrase    --site-passphrase passphrase
                     --local-passphrase-old passphraseOld
                     --site-passphrase-old passphraseOld

-m C, --change-passphrases
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-L localkey, --local-keyfile localkey
    Change passphrase used to encrypt the private key in the specified
    localkey file. At least one of (-L) or (-S) must be specified.

-S sitekey, --site-keyfile sitekey
    Change passphrase used to encrypt the private key in the specified
    sitekey file. At least one of (-L) or (-S) must be specified.

-P passphrase, --local-passphrase passphrase
    Specify passphrase used to encrypt the private key in the specified
    localkey file.

-Q passphrase, --site-passphrase passphrase
    Specify passphrase used to encrypt the private key in the specified
    sitekey file.

--local-passphrase-old passphraseOld
    Specify passphrase used to decrypt the private key in the specified
    localkey file.

--site-passphrase-old passphraseOld
    Specify passphrase used to decrypt the private key in the specified
    sitekey file.

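Added example, not part of the original man page or of Tripwire: a POSIX shell wrapper that checks a twadmin argument list against the option rules stated above (exactly one of -S or -e for --create-cfgfile, -v and -s mutually exclusive, at least one of -L or -S for --generate-keys) before running it. As a policy choice of this example it also refuses passphrase options, because command-line arguments are visible in process listings and shell history, and it requests 2048-bit keys instead of the 1024-bit default. The names tw_guard, TWADMIN and TW_DRY_RUN are invented here, and the wrapper assumes twadmin prompts for a passphrase that is not supplied.

```sh
#!/bin/sh
# Added example (not Tripwire code): vet a twadmin argument list, then run it.
# tw_guard, TWADMIN and TW_DRY_RUN are names invented for this example.
TWADMIN="${TWADMIN:-twadmin}"

tw_guard() {
    mode="" S=0 L=0 e=0 v=0 s=0 K=0 prev=""
    for a in "$@"; do
        case "$prev" in                     # value following -m or -K
            -m) mode="$a" ;;
            -K|--key-size)
                K=1
                [ "$a" = 2048 ] || { echo "tw_guard: key size $a refused" >&2; return 2; } ;;
        esac
        case "$a" in
            -P|-Q|--local-passphrase*|--site-passphrase*)
                # argv shows up in process listings and shell history
                echo "tw_guard: passphrase option $a refused" >&2; return 2 ;;
            --create-cfgfile)    mode=F ;;
            --create-polfile)    mode=P ;;
            --generate-keys)     mode=G ;;
            -S|--site-keyfile)   S=1 ;;
            -L|--local-keyfile)  L=1 ;;
            -e|--no-encryption)  e=1 ;;
            -v|--verbose)        v=1 ;;
            -s|--silent|--quiet) s=1 ;;
        esac
        prev="$a"
    done
    [ "$v$s" != 11 ] || { echo "tw_guard: -v and -s are mutually exclusive" >&2; return 2; }
    case "$mode" in
        F)  # --create-cfgfile: exactly one of -S or -e
            [ $((S + e)) -eq 1 ] || { echo "tw_guard: need exactly one of -S, -e" >&2; return 2; } ;;
        P)  # --create-polfile: -e excludes -S
            [ $((S + e)) -le 1 ] || { echo "tw_guard: -S and -e are exclusive" >&2; return 2; } ;;
        G)  # --generate-keys: at least one key file; ask for 2048 bits explicitly
            [ $((S + L)) -ge 1 ] || { echo "tw_guard: need -L and/or -S" >&2; return 2; }
            [ "$K" -eq 1 ] || set -- "$@" -K 2048 ;;
    esac
    if [ "${TW_DRY_RUN:-0}" = 1 ]; then
        echo "$TWADMIN $*"                  # print instead of executing
    else
        "$TWADMIN" "$@"
    fi
}
```
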
twadmin exits 0 on success, 1 on error.

This man page describes twadmin version 2.4.

Tripwire, Inc.

Permission is granted to make and distribute verbatim copies of this
man page provided the copyright notice and this permission notice are
preserved on all copies.

Permission is granted to copy and distribute modified versions of this
man page under the conditions for verbatim copying, provided that the
entire resulting derived work is distributed under the terms of a
permission notice identical to this one.

Permission is granted to copy and distribute translations of this man
page into another language, under the above conditions for modified
versions, except that this permission notice may be stated in a
translation approved by Tripwire, Inc.

Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark
of Tripwire, Inc. in the United States and other countries. All rights
reserved.

twintro(8), tripwire(8), twprint(8), siggen(8), twconfig(4),
twpolicy(4), twfiles(5)

Open Source Tripwire 2.4 04 Jan 2018 TWADMIN(8)