TWADMIN(8) System Manager's Manual TWADMIN(8)

twadmin - Tripwire administrative and utility tool

twadmin { -m F | --create-cfgfile } options... configfile.txt
twadmin { -m f | --print-cfgfile } [ options... ]
twadmin { -m P | --create-polfile } [ options... ] policyfile.txt
twadmin { -m p | --print-polfile } [ options... ]
twadmin { -m R | --remove-encryption } [ options... ] file1 [ file2... ]
twadmin { -m E | --encrypt } [ options... ] file1 [ file2... ]
twadmin { -m e | --examine } [ options... ] file1 [ file2... ]
twadmin { -m G | --generate-keys } options...

The twadmin utility is used to perform certain administrative functions
related to Tripwire files and configuration options. Specifically,
twadmin allows encoding, decoding, signing, and verification of Tripwire
files, and provides a means to generate and change local and site keys.

Creating a configuration file (--create-cfgfile)
This command mode designates an existing text file as the new
configuration file for Tripwire. The plain text configuration file must
be specified on the command line. Using the site key, the new
configuration file is encoded and saved.

Printing a configuration file (--print-cfgfile)
This command mode prints the specified encoded and signed configuration
file in clear-text form to standard output.

Replacing a policy file (--create-polfile)
This command mode designates an existing text file as the new policy
file for Tripwire. The plain text policy file must be specified on the
command line. Using the site key, the new policy file is encoded and
saved.

Printing a policy file (--print-polfile)
This command mode prints the specified encoded and signed policy file
in clear-text form to standard output.

Removing encryption from a file (--remove-encryption)
This command mode allows the user to remove signing from signed
configuration, policy, database, or report files. Multiple files may be
specified on the command line. The user will need to enter the
appropriate local or site keyfile, or both if a combination of files is
to be verified. Even with the cryptographic signing removed, these files
will be in a binary encoded (non-human-readable) form.

Encrypting a file (--encrypt)
This command mode allows the user to sign configuration, policy,
database files, or reports. Multiple files may be specified on the
command line. The files will be signed using either the site or local
key, as appropriate for the type of file. To automate the process, the
passphrase for the key files can be included on the command line.

Examining the signing status of a file (--examine)
This command allows the user to examine the listed files and print a
report of their signing status. This report displays the filename,
file type, whether or not a file is signed, and what key (if any) is
used to sign it.

Generating keys (--generate-keys)
This command mode generates site and/or local key files with names
specified by the user.

Creating a configuration file:
-m F             --create-cfgfile
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile
-S sitekey       --site-keyfile sitekey
-Q passphrase    --site-passphrase passphrase
-e               --no-encryption
configfile.txt

-m F, --create-cfgfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Specify the destination of the encoded (and optionally signed)
    configuration file.

-S sitekey, --site-keyfile sitekey
    Use the specified site key file to encode and sign the new
    configuration file. Exactly one of (-S) or (-e) must be specified.

-Q passphrase, --site-passphrase passphrase
    Specifies passphrase to be used with site key for configuration
    file encoding and signing. Valid only in conjunction with (-S).

-e, --no-encryption
    Do not sign the configuration file being stored. The configuration
    file will still be compressed, and will not be human-readable.
    Mutually exclusive with (-Q) and (-S).

configfile.txt
    Specifies the text configuration file that will become the new
    configuration file.

______________________________________________________________________________

Printing a configuration file:
-m f             --print-cfgfile
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile

-m f, --print-cfgfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Print the specified configuration file.

______________________________________________________________________________

Creating a policy file:
-m P             --create-polfile
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile
-p polfile       --polfile polfile
-S sitekey       --site-keyfile sitekey
-Q passphrase    --site-passphrase passphrase
-e               --no-encryption
policyfile.txt

-m P, --create-polfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-p polfile, --polfile polfile
    Specify the destination of the encoded (and optionally signed)
    policy file.

-S sitekey, --site-keyfile sitekey
    Use the specified site key file. Mutually exclusive with (-e).

-Q passphrase, --site-passphrase passphrase
    Specifies passphrase to be used with site key for policy signing.
    Mutually exclusive with (-e).

-e, --no-encryption
    Do not sign the policy file being stored. The policy file will
    still be compressed, and will not be human-readable. Mutually
    exclusive with (-Q) and (-S).

policyfile.txt
    Specifies the text policy file that will become the new policy
    file.

______________________________________________________________________________

Printing a policy file:
-m p             --print-polfile
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile
-p polfile       --polfile polfile
-S sitekey       --site-keyfile sitekey

-m p, --print-polfile
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-p polfile, --polfile polfile
    Print the specified policy file.

-S sitekey, --site-keyfile sitekey
    Use the specified site key file.

______________________________________________________________________________

Removing encryption from a file:
-m R             --remove-encryption
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile
-L localkey      --local-keyfile localkey
-S sitekey       --site-keyfile sitekey
-P passphrase    --local-passphrase passphrase
-Q passphrase    --site-passphrase passphrase
file1 [ file2... ]

-m R, --remove-encryption
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-L localkey, --local-keyfile localkey
    Specify the local keyfile to use to verify database files and
    reports.

-S sitekey, --site-keyfile sitekey
    Specify the site keyfile to use to verify configuration and
    policy files.

-P passphrase, --local-passphrase passphrase
    Specify the passphrase to use when verifying with the old local
    keyfile.

-Q passphrase, --site-passphrase passphrase
    Specify the passphrase to use when verifying with the old site
    keyfile.

file1 [ file2... ]
    List of files from which signing is to be removed.

______________________________________________________________________________

Encrypting a file:
-m E             --encrypt
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile
-L localkey      --local-keyfile localkey
-S sitekey       --site-keyfile sitekey
-P passphrase    --local-passphrase passphrase
-Q passphrase    --site-passphrase passphrase
file1 [ file2... ]

-m E, --encrypt
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-L localkey, --local-keyfile localkey
    Specify the local keyfile to use to sign database files and
    reports.

-S sitekey, --site-keyfile sitekey
    Specify the site keyfile to use to sign configuration and policy
    files.

-P passphrase, --local-passphrase passphrase
    Specify the passphrase to use when signing with the local
    keyfile.

-Q passphrase, --site-passphrase passphrase
    Specify the passphrase to use when signing with the site
    keyfile.

file1 [ file2... ]
    List of files to sign using the new key(s).

______________________________________________________________________________

Examining the encryption status of a file:
-m e             --examine
-v               --verbose
-s               --silent, --quiet
-c cfgfile       --cfgfile cfgfile
-L localkey      --local-keyfile localkey
-S sitekey       --site-keyfile sitekey
file1 [ file2... ]

-m e, --examine
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-c cfgfile, --cfgfile cfgfile
    Use the specified configuration file.

-L localkey, --local-keyfile localkey
    Specifies the key to use as a local key.

-S sitekey, --site-keyfile sitekey
    Specifies the key to use as a site key.

file1 [ file2... ]
    List of files to examine.

______________________________________________________________________________

Generating keys:
-m G             --generate-keys
-v               --verbose
-s               --silent, --quiet
-L localkey      --local-keyfile localkey
-S sitekey       --site-keyfile sitekey
-P passphrase    --local-passphrase passphrase
-Q passphrase    --site-passphrase passphrase

-m G, --generate-keys
    Mode selector.

-v, --verbose
    Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
    Silent output mode. Mutually exclusive with (-v).

-L localkey, --local-keyfile localkey
    Generate the local key into the specified file. At least one of
    (-L) or (-S) must be specified.

-S sitekey, --site-keyfile sitekey
    Generate the site key into the specified file. At least one of
    (-S) or (-L) must be specified.

-P passphrase, --local-passphrase passphrase
    Specify local passphrase to be used when generating the local
    key.

-Q passphrase, --site-passphrase passphrase
    Specify site passphrase to be used when generating the site key.
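
An added example, not part of the original man page or the Tripwire distribution: a shell function that lints twadmin command lines (as found in cron jobs or provisioning scripts) against the option rules above. It flags passphrases passed with -Q or -P, since command-line arguments are visible in process listings and shell history, files stored unsigned with -e, and signing removal with mode R. The function name, the finding labels, and the sample paths and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint one twadmin command line against this page's option rules.
# Prints one finding per line; returns 0 = clean, 1 = findings, 2 = not twadmin.
audit_twadmin() {
    mode='' S=0 e=0 Q=0 P=0 v=0 s=0 n=0
    set -f; set -- $1; set +f          # whitespace split with globbing off
    [ "${1:-}" = twadmin ] || { echo "not-a-twadmin-command"; return 2; }
    shift
    while [ $# -gt 0 ]; do
        case $1 in
            -m)                    mode=${2:-}; shift ;;
            --create-cfgfile)      mode=F ;;
            --create-polfile)      mode=P ;;
            --remove-encryption)   mode=R ;;
            -S|--site-keyfile)     S=1; shift ;;
            -Q|--site-passphrase)  Q=1; shift ;;
            -P|--local-passphrase) P=1; shift ;;
            -c|--cfgfile|-p|--polfile|-L|--local-keyfile) shift ;;
            -e|--no-encryption)    e=1 ;;
            -v|--verbose)          v=1 ;;
            -s|--silent|--quiet)   s=1 ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    note() { echo "$1"; n=$((n + 1)); }
    [ "$Q$P" = 00 ]  || note "passphrase-on-command-line"
    [ "$v$s" != 11 ] || note "verbose-and-silent-are-exclusive"
    case $mode in F|P)
        if [ "$e" = 1 ]; then
            note "file-stored-unsigned"
            [ "$S$Q" = 00 ] || note "no-encryption-conflicts-with-S-or-Q"
        elif [ "$mode$S" = F0 ]; then
            note "create-cfgfile-needs-S-or-e"
        fi ;;
    esac
    [ "$mode" != R ] || note "removes-signing-from-files"
    [ "$n" -eq 0 ]
}

# Constructed sample lines; all paths and the passphrase are placeholders.
while IFS= read -r line; do
    printf '%s\n' "$line"
    audit_twadmin "$line" | sed 's/^/    finding: /'
done <<'EOF'
twadmin -m P -c /etc/tripwire/tw.cfg -S /etc/tripwire/site.key policy.txt
twadmin -m F -c /etc/tripwire/tw.cfg -e twcfg.txt
twadmin -m E -L /etc/tripwire/local.key -P EXAMPLE-PASSPHRASE report.twr
twadmin --remove-encryption -S /etc/tripwire/site.key /etc/tripwire/tw.pol
EOF
```

The splitter is deliberately plain whitespace splitting, so it suits command lines without shell quoting; the `-m e` mode letter is consumed as the argument of `-m` and is never mistaken for `-e`.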

This man page describes twadmin version 2.3.1.

Tripwire, Inc.

Permission is granted to make and distribute verbatim copies of this
man page provided the copyright notice and this permission notice are
preserved on all copies.

Permission is granted to copy and distribute modified versions of this
man page under the conditions for verbatim copying, provided that the
entire resulting derived work is distributed under the terms of a
permission notice identical to this one.

Permission is granted to copy and distribute translations of this man
page into another language, under the above conditions for modified
versions, except that this permission notice may be stated in a
translation approved by Tripwire, Inc.

Copyright 2000 Tripwire, Inc. Tripwire is a registered trademark of
Tripwire, Inc. in the United States and other countries. All rights
reserved.

twintro(8), tripwire(8), twprint(8), siggen(8), twconfig(4),
twpolicy(4), twfiles(5)

1 July 2000 TWADMIN(8)