From c4f0bf8b864410684699e340c7c17b4bb9d44dbd Mon Sep 17 00:00:00 2001 From: Kern Sibbald Date: Sun, 11 Nov 2007 15:28:01 +0000 Subject: [PATCH] Updates from Tobias Rautenkranz --- docs/manual-de/verify.tex | 81 ++++++++++++++++++++------------------- docs/manual-fr/verify.tex | 81 ++++++++++++++++++++------------------- docs/manual/verify.tex | 56 ++++++++++++++------------- 3 files changed, 114 insertions(+), 104 deletions(-) diff --git a/docs/manual-de/verify.tex b/docs/manual-de/verify.tex index 1c16850f..17261587 100644 --- a/docs/manual-de/verify.tex +++ b/docs/manual-de/verify.tex @@ -1,12 +1,15 @@ %% %% -\section*{Using Bacula to Improve Computer Security} -\label{_ChapterStart45} +% TODO: this chapter name is confusing ... maybe rename to +% TODO: "File Integrity Checking with Bacula"? +\chapter{Using Bacula to Improve Computer Security} +\label{VerifyChapter} \index[general]{Security!Using Bacula to Improve Computer } \index[general]{Using Bacula to Improve Computer Security } -\addcontentsline{toc}{section}{Using Bacula to Improve Computer Security} +% TODO: only those two digest algorithms? +% TODO: can it use multiple at a time? (record and use both SHA1 and MD5?) Since Bacula maintains a catalog of files, their attributes, and either SHA1 or MD5 signatures, it can be an ideal tool for improving computer security. This is done by making a snapshot of your system files with a {\bf Verify} Job @@ -47,9 +50,8 @@ Then you decide what attributes of each file you want compared by specifying comparison options on the {\bf Include} statements that you use in the {\bf FileSet} resource of your {\bf Catalog} Jobs. -\subsection*{The Details} +\section{The Details} \index[general]{Details } -\addcontentsline{toc}{subsection}{Details} In the discussion that follows, we will make reference to the Verify Configuration Example that is included below in the {\bf A Verify 
@@ -102,15 +104,14 @@ choose all unchanging important system files. Then if any of those files has changed, you will be notified, and you can determine if it changed because you loaded a new package, or because someone has broken into your computer and modified your files. The example below shows a list of files that I use on my -RedHat 7.3 system. Since I didn't spend a lot of time working on it, it +Red Hat 7.3 system. Since I didn't spend a lot of time working on it, it probably is missing a few important files (if you find one, please send it to me). On the other hand, as long as I don't load any new packages, none of these files change during normal operation of the system. -\subsection*{Running the Verify} +\section{Running the Verify} \index[general]{Running the Verify } \index[general]{Verify!Running the } -\addcontentsline{toc}{subsection}{Running the Verify} The first thing you will want to do is to run an {\bf InitCatalog} level Verify Job. This will initialize the catalog to contain the file information @@ -199,10 +200,9 @@ have defined. If you wish to immediately verify it, you can simply run a Verify {\bf Catalog} which will be the default. No differences should be found. -\subsection*{What To Do When Differences Are Found} +\section{What To Do When Differences Are Found} \index[general]{What To Do When Differences Are Found } \index[general]{Found!What To Do When Differences Are } -\addcontentsline{toc}{subsection}{What To Do When Differences Are Found} If you have setup your messages correctly, you should be notified if there are any differences and exactly what they are. For example, below is the email 
@@ -296,14 +296,13 @@ normal operation of your system, you will get false matches, and you will need to modify the {\bf FileSet} to exclude that file (or not to Include it), and then re-run the {\bf InitCatalog}. -The FileSet that is shown below is what I use on my RedHat 7.3 system. With a +The FileSet that is shown below is what I use on my Red Hat 7.3 system. With a bit more thought, you can probably add quite a number of additional files that should be monitored. -\subsection*{A Verify Configuration Example} +\section{A Verify Configuration Example} \index[general]{Verify Configuration Example } \index[general]{Example!Verify Configuration } -\addcontentsline{toc}{subsection}{Verify Configuration Example} \footnotesize \begin{verbatim} @@ -328,34 +327,38 @@ Job { # FileSet { Name = "Verify Set" - Include = verify=pins1 signature=SHA1 { - /boot - /bin - /sbin - /usr/bin - /lib - /root/.ssh - /home/kern/.ssh - /var/named - /etc/sysconfig - /etc/ssh - /etc/security - /etc/exports - /etc/rc.d/init.d - /etc/sendmail.cf - /etc/sysctl.conf - /etc/services - /etc/xinetd.d - /etc/hosts.allow - /etc/hosts.deny - /etc/hosts - /etc/modules.conf - /etc/named.conf - /etc/pam.d - /etc/resolv.conf + Include { + Options { + verify=pins1 + signature=SHA1 + } + File = /boot + File = /bin + File = /sbin + File = /usr/bin + File = /lib + File = /root/.ssh + File = /home/kern/.ssh + File = /var/named + File = /etc/sysconfig + File = /etc/ssh + File = /etc/security + File = /etc/exports + File = /etc/rc.d/init.d + File = /etc/sendmail.cf + File = /etc/sysctl.conf + File = /etc/services + File = /etc/xinetd.d + File = /etc/hosts.allow + File = /etc/hosts.deny + File = /etc/hosts + File = /etc/modules.conf + File = /etc/named.conf + File = /etc/pam.d + File = /etc/resolv.conf } Exclude = { } -} +P Client { Name = MatouVerify Address = lmatou diff --git a/docs/manual-fr/verify.tex b/docs/manual-fr/verify.tex index 1c16850f..17261587 100644 --- a/docs/manual-fr/verify.tex 
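Review bot: The last changed line of the FileSet example replaces the resource's closing `}` with a stray `P` (`-}` / `+P`), so the listing runs from `Exclude = { }` straight into `Client {` without closing the FileSet; that line should stay `}`. The same change appears in the matching hunks of docs/manual-fr/verify.tex and docs/manual/verify.tex. Readers are likely to copy this file-integrity example as written, and a FileSet that is never closed would presumably be rejected when the configuration is parsed. The Job and Client resources of the listing begin and end outside the hunk.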
+++ b/docs/manual-fr/verify.tex @@ -1,12 +1,15 @@ %% %% -\section*{Using Bacula to Improve Computer Security} -\label{_ChapterStart45} +% TODO: this chapter name is confusing ... maybe rename to +% TODO: "File Integrity Checking with Bacula"? +\chapter{Using Bacula to Improve Computer Security} +\label{VerifyChapter} \index[general]{Security!Using Bacula to Improve Computer } \index[general]{Using Bacula to Improve Computer Security } -\addcontentsline{toc}{section}{Using Bacula to Improve Computer Security} +% TODO: only those two digest algorithms? +% TODO: can it use multiple at a time? (record and use both SHA1 and MD5?) Since Bacula maintains a catalog of files, their attributes, and either SHA1 or MD5 signatures, it can be an ideal tool for improving computer security. This is done by making a snapshot of your system files with a {\bf Verify} Job @@ -47,9 +50,8 @@ Then you decide what attributes of each file you want compared by specifying comparison options on the {\bf Include} statements that you use in the {\bf FileSet} resource of your {\bf Catalog} Jobs. -\subsection*{The Details} +\section{The Details} \index[general]{Details } -\addcontentsline{toc}{subsection}{Details} In the discussion that follows, we will make reference to the Verify Configuration Example that is included below in the {\bf A Verify 
@@ -102,15 +104,14 @@ choose all unchanging important system files. Then if any of those files has changed, you will be notified, and you can determine if it changed because you loaded a new package, or because someone has broken into your computer and modified your files. The example below shows a list of files that I use on my -RedHat 7.3 system. Since I didn't spend a lot of time working on it, it +Red Hat 7.3 system. Since I didn't spend a lot of time working on it, it probably is missing a few important files (if you find one, please send it to me). On the other hand, as long as I don't load any new packages, none of these files change during normal operation of the system. -\subsection*{Running the Verify} +\section{Running the Verify} \index[general]{Running the Verify } \index[general]{Verify!Running the } -\addcontentsline{toc}{subsection}{Running the Verify} The first thing you will want to do is to run an {\bf InitCatalog} level Verify Job. This will initialize the catalog to contain the file information @@ -199,10 +200,9 @@ have defined. If you wish to immediately verify it, you can simply run a Verify {\bf Catalog} which will be the default. No differences should be found. -\subsection*{What To Do When Differences Are Found} +\section{What To Do When Differences Are Found} \index[general]{What To Do When Differences Are Found } \index[general]{Found!What To Do When Differences Are } -\addcontentsline{toc}{subsection}{What To Do When Differences Are Found} If you have setup your messages correctly, you should be notified if there are any differences and exactly what they are. For example, below is the email 
@@ -296,14 +296,13 @@ normal operation of your system, you will get false matches, and you will need to modify the {\bf FileSet} to exclude that file (or not to Include it), and then re-run the {\bf InitCatalog}. -The FileSet that is shown below is what I use on my RedHat 7.3 system. With a +The FileSet that is shown below is what I use on my Red Hat 7.3 system. With a bit more thought, you can probably add quite a number of additional files that should be monitored. -\subsection*{A Verify Configuration Example} +\section{A Verify Configuration Example} \index[general]{Verify Configuration Example } \index[general]{Example!Verify Configuration } -\addcontentsline{toc}{subsection}{Verify Configuration Example} \footnotesize \begin{verbatim} @@ -328,34 +327,38 @@ Job { # FileSet { Name = "Verify Set" - Include = verify=pins1 signature=SHA1 { - /boot - /bin - /sbin - /usr/bin - /lib - /root/.ssh - /home/kern/.ssh - /var/named - /etc/sysconfig - /etc/ssh - /etc/security - /etc/exports - /etc/rc.d/init.d - /etc/sendmail.cf - /etc/sysctl.conf - /etc/services - /etc/xinetd.d - /etc/hosts.allow - /etc/hosts.deny - /etc/hosts - /etc/modules.conf - /etc/named.conf - /etc/pam.d - /etc/resolv.conf + Include { + Options { + verify=pins1 + signature=SHA1 + } + File = /boot + File = /bin + File = /sbin + File = /usr/bin + File = /lib + File = /root/.ssh + File = /home/kern/.ssh + File = /var/named + File = /etc/sysconfig + File = /etc/ssh + File = /etc/security + File = /etc/exports + File = /etc/rc.d/init.d + File = /etc/sendmail.cf + File = /etc/sysctl.conf + File = /etc/services + File = /etc/xinetd.d + File = /etc/hosts.allow + File = /etc/hosts.deny + File = /etc/hosts + File = /etc/modules.conf + File = /etc/named.conf + File = /etc/pam.d + File = /etc/resolv.conf } Exclude = { } -} +P Client { Name = MatouVerify Address = lmatou diff --git a/docs/manual/verify.tex b/docs/manual/verify.tex index b7ffce05..17261587 100644 --- a/docs/manual/verify.tex 
+++ b/docs/manual/verify.tex
@@ -327,34 +327,38 @@ Job {
 #
 FileSet {
 Name = "Verify Set"
- Include = verify=pins1 signature=SHA1 {
- /boot
- /bin
- /sbin
- /usr/bin
- /lib
- /root/.ssh
- /home/kern/.ssh
- /var/named
- /etc/sysconfig
- /etc/ssh
- /etc/security
- /etc/exports
- /etc/rc.d/init.d
- /etc/sendmail.cf
- /etc/sysctl.conf
- /etc/services
- /etc/xinetd.d
- /etc/hosts.allow
- /etc/hosts.deny
- /etc/hosts
- /etc/modules.conf
- /etc/named.conf
- /etc/pam.d
- /etc/resolv.conf
+ Include {
+ Options {
+ verify=pins1
+ signature=SHA1
+ }
+ File = /boot
+ File = /bin
+ File = /sbin
+ File = /usr/bin
+ File = /lib
+ File = /root/.ssh
+ File = /home/kern/.ssh
+ File = /var/named
+ File = /etc/sysconfig
+ File = /etc/ssh
+ File = /etc/security
+ File = /etc/exports
+ File = /etc/rc.d/init.d
+ File = /etc/sendmail.cf
+ File = /etc/sysctl.conf
+ File = /etc/services
+ File = /etc/xinetd.d
+ File = /etc/hosts.allow
+ File = /etc/hosts.deny
+ File = /etc/hosts
+ File = /etc/modules.conf
+ File = /etc/named.conf
+ File = /etc/pam.d
+ File = /etc/resolv.conf
 }
 Exclude = { }
-}
+P
 Client {
 Name = MatouVerify
 Address = lmatou
-- 
2.39.5