[Honeywall] RE: SEBEK SERVER & TRIPWIRE Configuration
esammons at hush.com
Wed Jul 30 21:12:44 EDT 2008
On Wed, 30 Jul 2008 19:49:41 -0400 Dan Kay <ctk11 at hotmail.com>
>1. Line by line command to configure Tripwire is welcome from
>anyone who has configured and use server tripwire on the honeyall
Sorry, I haven't messed with TW for a while. I think someone found
the link several of us created (that I could no longer locate) that
has at least basic TW setup.
>2. How do you configure the fencelist as i have some production
>systems to protect. (step by step guide please).
Add the IP's you don't want pots going to (1 IP or CIDR per line)
to the file $HwFWFENCE. I do not believe the file represented by
$HwFWFENCE is covered by "hwctl" (I could be wrong). If you then
type 'hwctl -r' and nothing happens, you have to manually restart
honeywall services with '/etc/init.d/hwdaemons restart'.
Others may argue "only restart rc.firewall" (your call).
I assume the config is for other questions...
>3. Please find below my config file as requested. Any
>suggestion(s) will be welcomed. I need to make it simple,
>workable and safe.
>Thanks as always.
> HwHOSTNAME=localhost HwLAN_BCAST_ADDRESS=10.10.10.255
>HwSENSOR_ID= HwUDPRATE=10 HwSEBEK_DST_IP=10.10.10.253 HwALERT=yes
>HwROACHMOTEL_ENABLE=no HwRULE_DAY=sat HwINET_IFACE=eth0
>HwQUEUE=yes HwMANAGE_NETMASK=255.255.255.0 HwTIME_SVR=
>HwSEBEK_DST_PORT=1101 HwSEBEK_LOG=yes HwHWPARMOPTS= HwSCALE=day
>HwFWFENCE=/etc/fencelist.txt HwALLOWED_TCP_IN=443 HwNICMODLIST=
>HwHONEYWALL_RUN=yes HwSSHD_PORT=22 HwBPF_DISABLE=no
>HwLAN_IFACE=eth1 HwMANAGE_GATEWAY=192.168.1.1 HwRULE_ENABLE=no
>HwDOMAIN=localdomain HwMANAGE_IFACE=eth2 HwICMPRATE=10
>HwDNS_SVRS=220.127.116.11 18.104.22.168 HwALERT_EMAIL=
>HwOTHERRATE=10 HwMANAGE_DNS=22.214.171.124 126.96.36.199 HwFWWHITE=
>HwOINKCODE= HwPCAPDAYS=45 HwRESTRICT=yes HwSNORT_RESTART=no
>Play and win great prizes with Live Search and Kung Fu Panda
More information about the Honeywall