twadmin - Tripwire administrative and utility tool

Authors

       Tripwire, Inc.

Copying Permissions

       Permission  is granted to make and distribute verbatim copies of this man page provided the copyright no‐
       tice and this permission notice are preserved on all copies.

       Permission is granted to copy and distribute modified versions of this man page under the conditions  for
       verbatim  copying,  provided  that  the entire resulting derived work is distributed under the terms of a
       permission notice identical to this one.

       Permission is granted to copy and distribute translations of this man page into another  language,  under
       the  above conditions for modified versions, except that this permission notice may be stated in a trans‐
       lation approved by Tripwire, Inc.

       Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire,  Inc.  in  the  United
       States and other countries. All rights reserved.

Description

The twadmin utility is used to perform certain administrative functions related to Tripwire files and
configuration options. Specifically, twadmin allows encoding, decoding, signing, and verification of
Tripwire files, and provides a means to generate and change local and site keys.

Creatingaconfigurationfile(--create-cfgfile)
This command mode designates an existing text file as the new configuration file for Tripwire. The plain
text configuration file must be specified on the command line. Using the site key, the new configuration
file is encoded and saved.

Printingaconfigurationfile(--print-cfgfile)
This command mode prints the specified encoded and signed configuration file in clear-text form to
standard output.

Replacingapolicyfile(--create-polfile)
This command mode designates an existing text file as the new policy file for Tripwire. The plain text
policy file must be specified on the command line. Using the site key, the new policy file is encoded
and saved.

Printingapolicyfile(--print-polfile)
This command mode prints the specified encoded and signed policy file in clear-text form to standard
output.

Removingencryptionfromafile(--remove-encryption)
This command mode allows the user to remove signing from signed configuration, policy, database, or
report files. Multiple files may be specified on the command line. The user will need to enter the
appropriate local or site keyfile, or both if a combination of files is to be verified. Even with the
cryptographic signing removed, these files will be in a binary encoded (non-human-readable) form.

Encryptingafile(--encrypt)
This command mode allows the user to sign configuration, policy, database files, or reports. Multiple
files may be specified on the command line. The files will be signed using either the site or local key,
as appropriate for the type of file. To automate the process, the passphrase for the key files can be
included on the command line.

Examiningthesigningstatusofafile(--examine)
This command allows the user to examine the listed files and print a report of their signing status.
This report displays the filename, file type, whether or not a file is signed, and what key (if any) is
used to sign it.

Generatingkeys(--generate-keys)
This command mode generates site and/or local key files with names specified by the user.

Changingpassphrases(--change-passphrases)
This command reencrypts the private part of the site and/or local key files using the key filenames and
passphrases specified by the user.

Exit Status

twadmin exits 0 on success, 1 on error.

Name

       twadmin - Tripwire administrative and utility tool

Options

Creatingaconfigurationfile:-mF--create-cfgfile-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-Ssitekey--site-keyfilesitekey-Qpassphrase--site-passphrasepassphrase-e--no-encryptionconfigfile.txt-mF, --create-cfgfile
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Specify the destination of the encoded (and optionally signed) configuration file.

-Ssitekey, --site-keyfilesitekey
Use the specified site key file to encode and sign the new configuration file. Exactly one of
(-S) or (-e) must be specified.

-Qpassphrase, --site-passphrasepassphrase
Specifies passphrase to be used with site key for configuration file encoding and signing. Valid
only in conjunction with (-S).

-e, --no-encryption
Do not sign the configuration file being stored. The configuration file will still be compressed,
and will not be human-readable. Mutually exclusive with (-Q) and (-S).

configfile.txt
Specifies the text configuration file that will become the new configuration file.

________________________________________________________________________________________________________________

Printingaconfigurationfile:-mf--print-cfgfile-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-mf, --print-cfgfile
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Print the specified configuration file.

________________________________________________________________________________________________________________
Creatingapolicyfile:-mP--create-polfile-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-ppolfile--polfilepolfile-Ssitekey--site-keyfilesitekey-Qpassphrase--site-passphrasepassphrase-e--no-encryptionpolicyfile.txt-mP, --create-polfile
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Use the specified configuration file.

-ppolfile, --polfilepolfile
Specify the destination of the encoded (and optionally signed) policy file.

-Ssitekey, --site-keyfilesitekey
Use the specified site key file. Mutually exclusive with (-e).

-Qpassphrase, --site-passphrasepassphrase
Specifies passphrase to be used with site key for policy signing. Mutually exclusive with (-e).

-e, --no-encryption
Do not sign the policy file being stored. The policy file will still be compressed, and will not
be human-readable. Mutually exclusive with (-Q) and (-S).

policyfile.txt
Specifies the text policy file that will become the new policy file.

________________________________________________________________________________________________________________

Printingapolicyfile:-mp--print-polfile-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-ppolfile--polfilepolfile-Ssitekey--site-keyfilesitekey-mp, --print-polfile
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Use the specified configuration file.

-ppolfile, --polfilepolfile
Print the specified policy file.

-Ssitekey, --site-keyfilesitekey
Use the specified site key file.

________________________________________________________________________________________________________________

Removingencryptionfromafile:-mR--remove-encryption-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-Llocalkey--local-keyfilelocalkey-Ssitekey--site-keyfilesitekey-Ppassphrase--local-passphrasepassphrase-Qpassphrase--site-passphrasepassphrasefile1 [ file2... ]

-mR, --remove-encryption
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Use the specified configuration file.

-Llocalkey, --local-keyfilelocalkey
Specify the local keyfile to use to verify database files and reports.

-Ssitekey, --site-keyfilesitekey
Specify the site keyfile to use to verify configuration and policy files.

-Ppassphrase, --local-passphrasepassphrase
Specify the passphrase to use when verifying with the old local keyfile.

-Qpassphrase, --site-passphrasepassphrase
Specify the passphrase to use when verifying with the old site keyfile.

file1 [ file2... ]
List of files from which signing is to be removed.

________________________________________________________________________________________________________________
Encryptingafile:-mE--encrypt-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-Llocalkey--local-keyfilelocalkey-Ssitekey--site-keyfilesitekey-Ppassphrase--local-passphrasepassphrase-Qpassphrase--site-passphrasepassphrasefile1 [ file2... ]

-mE, --encrypt
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Use the specified configuration file.

-Llocalkey, --local-keyfilelocalkey
Specify the local keyfile to use to sign database files and reports.

-Ssitekey, --site-keyfilesitekey
Specify the site keyfile to use to sign configuration and policy files.

-Ppassphrase, --local-passphrasepassphrase
Specify the passphrase to use when signing with the local keyfile.

-Qpassphrase, --site-passphrasepassphrase
Specify the passphrase to use when signing with the site keyfile.

file1 [ file2... ]
List of files to sign using the new key(s).

________________________________________________________________________________________________________________
Examiningtheencryptionstatusofafile:-me--examine-v--verbose-s--silent, --quiet-ccfgfile--cfgfilecfgfile-Llocalkey--local-keyfilelocalkey-Ssitekey--site-keyfilesitekeyfile1 [ file2... ]

-me, --examine
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-ccfgfile, --cfgfilecfgfile
Use the specified configuration file.

-Llocalkey, --local-keyfilelocalkey
Specifies the key to use as a local key.

-Ssitekey, --site-keyfilesitekey
Specifies the key to use as a site key.

file1 [ file2... ]
List of files to examine.

________________________________________________________________________________________________________________
Generatingkeys:-mG--generate-keys-v--verbose-s--silent, --quiet-Llocalkey--local-keyfilelocalkey-Ssitekey--site-keyfilesitekey-Ppassphrase--local-passphrasepassphrase-Qpassphrase--site-passphrasepassphrase-mG, --generate-keys
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-Llocalkey, --local-keyfilelocalkey
Generate the local key into the specified file. At least one of (-L) or (-S) must be specified.

-Ssitekey, --site-keyfilesitekey
Generate the site key into the specified file. At least one of (-S) or (-L) must be specified.

-Ppassphrase, --local-passphrasepassphrase
Specify local passphrase to be used when generating the local key.

-Qpassphrase, --site-passphrasepassphrase
Specify site passphrase to be used when generating the site key.

‐Ksize, --key-sizesize
Specify the key size (1024 or 2048 bits) when generating keys. (Default is 1024.)

________________________________________________________________________________________________________________
Changingpassphrases:-mC--change-passphrases-v--verbose-s--silent, --quiet-Llocalkey--local-keyfilelocalkey-Ssitekey--site-keyfilesitekey-Ppassphrase--local-passphrasepassphrase-Qpassphrase--site-passphrasepassphrase--local-passphrase-oldpassphraseOld--site-passphrase-oldpassphraseOld-mC, --change-passphrases
Mode selector.

-v, --verbose
Verbose output mode. Mutually exclusive with (-s).

-s, --silent, --quiet
Silent output mode. Mutually exclusive with (-v).

-Llocalkey, --local-keyfilelocalkey
Change passphrase used to encrypt the private key in the specified localkey file. At least one of
(-L) or (-S) must be specified.

-Ssitekey, --site-keyfilesitekey
Change passphrase used to encrypt the private key in the specified sitekey file. At least one of
(-L) or (-S) must be specified.

-Ppassphrase, --local-passphrasepassphrase
Specify passphrase used to encrypt the private key in the specified localkey file.

-Qpassphrase, --site-passphrasepassphrase
Specify passphrase used to encrypt the private key in the specified sitekey file.

--local-passphrase-oldpassphraseOld
Specify passphrase used to decrypt the private key in the specified localkey file.

--site-passphrase-oldpassphraseOld
Specify passphrase used to decrypt the private key in the specified sitekey file.

Synopsis

twadmin { -mF | --create-cfgfile }  options...configfile.txttwadmin { -mf | --print-cfgfile } [ options... ]
       twadmin { -mP | --create-polfile } [ options... ]
            policyfile.txttwadmin { -mp | --print-polfile } [ options... ]
       twadmin { -mR | --remove-encryption } [ options... ]
            file1 [ file2... ]
       twadmin { -mE | --encrypt } [ options... ]
            file1 [ file2... ]
       twadmin { -me | --examine } [ options... ]
            file1 [ file2... ]
       twadmin { -mG | --generate-keys } options...twadmin { -mC | --change-passphrases } options...

Version Information

       This man page describes twadmin version 2.4.

twadmin - Tripwire administrative and utility tool

Contents

Authors

Copying Permissions

Description

Exit Status

Name

Options

See Also

Synopsis

Version Information

See Also