- objects.C
- objects.C_41
- objects_5_0.C
- rules.C
- rulebases.fws
- rulebases_5_0.fws
1. Scripting
Expert mode
cd /home/tttt/audit
ls -alF /var/opt/CPsuite-R75.40/fw1/conf/ > dir.md5
Create the script integrity_check.sh:
vi integrity_check.sh, or cat > integrity_check.sh (press CTRL+D to end)
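#!/bin/bash
# integrity_check.sh - report whether the `ls -alF` listing of the Check Point
# fw1/conf directory differs from the listing saved by the previous run.
#
# Run it from the audit directory: dir.md5 and dir1.md5 are read and written
# in the current working directory.
#
# Limits of this check, worth knowing before relying on it:
#   - Only the listing is hashed (names, sizes, timestamps, owners, modes),
#     not file contents. An edit that leaves size and timestamp unchanged is
#     not detected; per-file content hashes (e.g. sha256sum) would catch it.
#   - MD5 is used only as a fingerprint for comparing two listings.
#   - dir1.md5 is overwritten on every run, so a change is reported once and
#     then becomes the new baseline. It also lives on the audited host, so
#     anyone who can write the audit directory can reset it; keep a copy of
#     the baseline somewhere the firewall admin account cannot modify.

CONF_DIR='/var/opt/CPsuite-R75.40/fw1/conf/'

# Fingerprint of the listing saved by the previous run. On the first run there
# is no dir1.md5 yet, so the baseline hash stays empty instead of md5sum failing.
MD5_1=''
if [ -f 'dir1.md5' ]; then
  MD5_1="$(md5sum 'dir1.md5' | cut -d ' ' -f 1)"
fi

# Take the current listing. If ls fails, stop here: dir1.md5 has not been
# touched yet, so a failed listing cannot replace the baseline.
if ! ls -alF "$CONF_DIR" > dir.md5; then
  echo "integrity_check: cannot list $CONF_DIR" >&2
  exit 1
fi

# Drop prov_agent_state.conf from the listing (the original procedure excludes
# it). The pattern is anchored to the end of the line so that only this exact
# file name is excluded and similarly named files are still checked.
sed '/ prov_agent_state\.conf$/d' < dir.md5 > dir1.md5

# Fingerprint of the current listing, which is now also the next baseline.
MD5_2="$(md5sum 'dir1.md5' | cut -d ' ' -f 1)"

printf '%s\n' "$MD5_1"
printf '%s\n' "$MD5_2"

if [ -z "$MD5_1" ]; then
  echo "integrity_check: no previous baseline found; one was created by this run" >&2
fi

# Quoted operands and POSIX '=' so an empty hash cannot break the test.
if [ "$MD5_1" = "$MD5_2" ]; then
  echo "No Changes"
else
  echo "Changed"
fi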
chmod 755 integrity_check.sh
./integrity_check.sh
[Expert@CP]# ./integrity_check.sh
9d57784519e7571d38cbded6d1de9c97
9d57784519e7571d38cbded6d1de9c97
No Changes
2. Some important changed files after a policy push
[Expert@Pub2]# ls -l | grep Jul
-rw-rw-r-- 1 admin config 19 Jul 25 13:55 adlog_muh.dbidl
-rw-rw---- 1 admin root 57441 Jul 25 13:54 cache_pm_buffers.bin
-rw-rw---- 1 admin root 565 Jul 25 13:55 log_policy.C
-rw-rw---- 1 admin root 65 Jul 25 13:54 masters
-rw-rw-r-- 1 admin config 281 Jul 25 18:06 prov_agent_state.conf
-rwxrwx--- 1 admin bin 328 Jul 25 13:54 smtp.conf
-rw-rw---- 1 admin root 46422 Jul 25 13:54 thresholds.conf
[Expert@Pub-cp2]# cd /opt/CPsuite-R75.40/fw1/database
[Expert@Pub-cp2]# ls -l | grep Jul
drwxrwxr-x 2 admin config 4096 Jul 25 17:58 CrlCache_1
-rw-rw---- 1 admin root 33703 Jul 25 13:54 Sandbox-persistence.xml
drwxrwx--- 2 admin root 4096 Jul 25 18:06 SessionCache_1
-rw-rw---- 1 admin root 3 Jul 25 13:54 ad_query_profiles.C
-rw-rw---- 1 admin root 5468 Jul 25 13:54 authentication_objects.C
-rw-rw---- 1 admin root 6077 Jul 25 13:54 connectra_global_properties.C
-rw-rw---- 1 admin root 436 Jul 25 13:54 connectra_policy.C
-rw-rw---- 1 admin root 20481 Jul 25 17:41 cookiedb.NDB
-rw-rw---- 1 admin root 680 Jul 25 13:54 current_recovery.profile
-rw-rw---- 1 admin root 26781 Jul 25 13:54 data_files.C
-rw-rw---- 1 admin root 20481 Jul 25 17:41 deldb.NDB
-rw-rw---- 1 admin root 3 Jul 25 13:54 domain_objects_for_web_applications.C
-rw-rw---- 1 admin root 610 Jul 25 13:55 doubleSignCerts.C
-rw-rw---- 1 admin root 28 Jul 25 13:55 dynamic_objects.db
-rw-rw---- 1 admin root 5096 Jul 25 13:54 embedded_applications.C
-rw-rw---- 1 admin root 984 Jul 25 13:54 eps_notify.html
-rw-rw---- 1 admin root 1667 Jul 25 13:54 eps_notify.mail
-rw-rw---- 1 admin root 143361 Jul 25 13:55 fwauth.NDB
-rw-rw---- 1 admin root 0 Jul 25 13:54 fwuserauth.keys
-rw-rw---- 1 admin root 209697 Jul 25 13:54 ics_configuration.C
-rw-rw---- 1 admin root 3 Jul 25 13:54 identity_roles.C
-rw-rw---- 1 admin root 675 Jul 25 13:54 inspect.lf
-rw-rw---- 1 admin root 5356 Jul 25 13:54 languages.C
drwx------ 2 admin root 4096 Jul 25 13:54 logo
-rw-rw---- 1 admin root 40757 Jul 25 13:54 magic
-rw-rw---- 1 admin root 878700 Jul 25 13:54 magic.mgc
-rw-rw---- 1 admin root 35 Jul 25 13:54 mgmt_dhcp_data.C
-rw-rw---- 1 admin root 99 Jul 25 13:54 mv_tag.C
-rw-rw---- 1 admin root 1597 Jul 25 13:54 nac_agents.C
-rw-rw---- 1 admin root 2691 Jul 25 13:54 network_applications.C
-rw-rw---- 1 admin root 14909807 Jul 25 13:54 objects.C
-rw-rw---- 1 admin root 4940 Jul 25 13:54 products_updates.C
-rw-rw---- 1 admin root 3281 Jul 25 13:54 rad_services.C
-rw-rw---- 1 admin root 42342 Jul 25 13:54 request.xml
-rw-rw---- 1 admin root 6328 Jul 25 13:54 rulebase_tracks.C
-rw-rw---- 1 admin root 1128385 Jul 25 13:54 rules.C
-rw-rw---- 1 admin root 111 Jul 25 13:54 smart-center-servers.properties
-rw-rw---- 1 admin root 3 Jul 25 13:54 ssl_certificates.C
-rw-rw---- 1 admin root 937245 Jul 25 13:54 ssl_inspection.C
-rw-rw---- 1 admin root 72986 Jul 25 13:54 user_check_interactions.C
-rw-rw---- 1 admin root 0 Jul 25 13:54 userdef.C
3. Automatic Process
Tools such as Tripwire can automate this; the Tripwire documentation shows detailed procedures for doing so. Another PDF file: http://www.it-secure.com/downloads/tfs-check_point.pdf