[Honeywall] RE: SEBEK SERVER & TRIPWIRE Configuration

Earl esammons at hush.com
Wed Jul 30 21:12:44 EDT 2008


On Wed, 30 Jul 2008 19:49:41 -0400 Dan Kay <ctk11 at hotmail.com> 
wrote:
>1. Line by line command to configure Tripwire is welcome from 
>anyone who has configured and used server tripwire on the honeywall 
>roo before.

Sorry, I haven't messed with TW for a while.  I think someone found 
the link several of us created (that I could no longer locate) that 
has at least basic TW setup.

>2. How do you configure the fencelist as I have some production 
>systems to protect.  (step by step guide please).

Add the IPs you don't want pots going to (1 IP or CIDR per line) 
to the file $HwFWFENCE.  I do not believe the file represented by 
$HwFWFENCE is covered by "hwctl" (I could be wrong).  If you then 
type 'hwctl -r' and nothing happens, you have to manually restart 
honeywall services with '/etc/init.d/hwdaemons restart'.
Others may argue "only restart rc.firewall" (your call).

I assume the config is for other questions...

Earl

>3. Please find below my config file as requested.  Any 
>suggestion(s) will be welcomed.  I need to make it simple, 
>workable and safe.
>Thanks as always.
> 
>HwHOSTNAME=localhost
>HwLAN_BCAST_ADDRESS=10.10.10.255
>HwSENSOR_ID=
>HwUDPRATE=10
>HwSEBEK_DST_IP=10.10.10.253
>HwALERT=yes
>HwROACHMOTEL_ENABLE=no
>HwRULE_DAY=sat
>HwINET_IFACE=eth0
>HwQUEUE=yes
>HwMANAGE_NETMASK=255.255.255.0
>HwTIME_SVR=
>HwSEBEK_DST_PORT=1101
>HwSEBEK_LOG=yes
>HwHWPARMOPTS=
>HwSCALE=day
>HwFWFENCE=/etc/fencelist.txt
>HwALLOWED_TCP_IN=443
>HwNICMODLIST=
>HwMANAGE_IP=192.168.1.10
>HwFWBLACK=/etc/blacklist.txt
>HwHONEYWALL_RUN=yes
>HwSSHD_PORT=22
>HwBPF_DISABLE=no
>HwLAN_IFACE=eth1
>HwMANAGE_GATEWAY=192.168.1.1
>HwRULE_ENABLE=no
>HwDOMAIN=localdomain
>HwMANAGE_IFACE=eth2
>HwICMPRATE=10
>HwDNS_SVRS=194.73.73.172 194.73.73.173
>HwALERT_EMAIL=
>HwOTHERRATE=10
>HwMANAGE_DNS=194.73.73.172 194.73.73.173
>HwFWWHITE=
>HwOINKCODE=
>HwPCAPDAYS=45
>HwRESTRICT=yes
>HwSNORT_RESTART=no
>HwMANAGE_STARTUP=yes
>HwDBDAYS=180
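
An added example, not part of the original message or of the Honeywall code: a shell lint for the fence list described in the reply above (one IPv4 address or CIDR per line), to run before 'hwctl -r' or the hwdaemons restart. The function names valid_entry and lint_fencelist and the sample entries are made up for illustration; skipping blank lines and rejecting zero-padded octets are assumptions.

```shell
#!/bin/sh
# Added example: lint a Honeywall fence list before reloading the firewall.
# Assumptions: blank lines are harmless; zero-padded octets are rejected.

# valid_entry ENTRY: status 0 if ENTRY is a.b.c.d or a.b.c.d/0..32.
# Runs in a subshell so IFS and the positional parameters stay private.
valid_entry() (
    entry=$1
    addr=${entry%%/*}
    if [ "$addr" != "$entry" ]; then
        len=${entry#*/}
        case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
        [ "$len" -le 32 ] || exit 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# lint_fencelist FILE: print every bad line with its number;
# status 0 only if all non-blank lines are valid.
lint_fencelist() {
    n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        if ! valid_entry "$line"; then
            echo "line $n: not an IPv4 address or CIDR: $line"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample list (not from the original post).
sample=$(mktemp)
printf '%s\n' '192.168.1.0/24' '10.10.10.300' '172.16.5.9' '192.168.2.0/33' > "$sample"
lint_fencelist "$sample" || echo "fix the list before running 'hwctl -r'"
rm -f "$sample"
# On the Honeywall: lint_fencelist /etc/fencelist.txt && hwctl -r
```

A file saved with DOS line endings fails this lint on every line, because the trailing carriage return is not stripped.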


