DOKK / manpages / debian 12 / tripwire / twadmin.8.en
TWADMIN(8) System Manager's Manual TWADMIN(8)

twadmin - Tripwire administrative and utility tool

twadmin { -m F | --create-cfgfile } options...
configfile.txt
twadmin { -m f | --print-cfgfile } [ options... ]
twadmin { -m P | --create-polfile } [ options... ]
policyfile.txt
twadmin { -m p | --print-polfile } [ options... ]
twadmin { -m R | --remove-encryption } [ options... ]
file1 [ file2... ]
twadmin { -m E | --encrypt } [ options... ]
file1 [ file2... ]
twadmin { -m e | --examine } [ options... ]
file1 [ file2... ]
twadmin { -m G | --generate-keys } options...
twadmin { -m C | --change-passphrases } options...

The twadmin utility is used to perform certain administrative functions related to Tripwire files and configuration options. Specifically, twadmin allows encoding, decoding, signing, and verification of Tripwire files, and provides a means to generate and change local and site keys.

This command mode designates an existing text file as the new configuration file for Tripwire. The plain text configuration file must be specified on the command line. Using the site key, the new configuration file is encoded and saved.

This command mode prints the specified encoded and signed configuration file in clear-text form to standard output.

This command mode designates an existing text file as the new policy file for Tripwire. The plain text policy file must be specified on the command line. Using the site key, the new policy file is encoded and saved.

This command mode prints the specified encoded and signed policy file in clear-text form to standard output.

This command mode allows the user to remove signing from signed configuration, policy, database, or report files. Multiple files may be specified on the command line. The user will need to enter the appropriate local or site keyfile, or both if a combination of files is to be verified. Even with the cryptographic signing removed, these files will be in a binary encoded (non-human-readable) form.

This command mode allows the user to sign configuration, policy, database files, or reports. Multiple files may be specified on the command line. The files will be signed using either the site or local key, as appropriate for the type of file. To automate the process, the passphrase for the key files can be included on the command line.

This command allows the user to examine the listed files and print a report of their signing status. This report displays the filename, file type, whether or not a file is signed, and what key (if any) is used to sign it.

This command mode generates site and/or local key files with names specified by the user.

This command reencrypts the private part of the site and/or local key files using the key filenames and passphrases specified by the user.

-m F --create-cfgfile
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
-S sitekey --site-keyfile sitekey
-Q passphrase --site-passphrase passphrase
-e --no-encryption
configfile.txt
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Specify the destination of the encoded (and optionally signed) configuration file.
Use the specified site key file to encode and sign the new configuration file. Exactly one of (-S) or (-e) must be specified.
Specifies passphrase to be used with site key for configuration file encoding and signing. Valid only in conjunction with (-S).
Do not sign the configuration file being stored. The configuration file will still be compressed, and will not be human-readable. Mutually exclusive with (-Q) and (-S).
Specifies the text configuration file that will become the new configuration file.



-m f --print-cfgfile
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Print the specified configuration file.



-m P --create-polfile
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
-p polfile --polfile polfile
-S sitekey --site-keyfile sitekey
-Q passphrase --site-passphrase passphrase
-e --no-encryption
policyfile.txt
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Use the specified configuration file.
Specify the destination of the encoded (and optionally signed) policy file.
Use the specified site key file. Mutually exclusive with (-e).
Specifies passphrase to be used with site key for policy signing. Mutually exclusive with (-e).
Do not sign the policy file being stored. The policy file will still be compressed, and will not be human-readable. Mutually exclusive with (-Q) and (-S).
Specifies the text policy file that will become the new policy file.



-m p --print-polfile
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
-p polfile --polfile polfile
-S sitekey --site-keyfile sitekey
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Use the specified configuration file.
Print the specified policy file.
Use the specified site key file.



-m R --remove-encryption
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
-L localkey --local-keyfile localkey
-S sitekey --site-keyfile sitekey
-P passphrase --local-passphrase passphrase
-Q passphrase --site-passphrase passphrase
file1 [ file2... ]
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Use the specified configuration file.
Specify the local keyfile to use to verify database files and reports.
Specify the site keyfile to use to verify configuration and policy files.
Specify the passphrase to use when verifying with the old local keyfile.
Specify the passphrase to use when verifying with the old site keyfile.
List of files from which signing is to be removed.



-m E --encrypt
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
-L localkey --local-keyfile localkey
-S sitekey --site-keyfile sitekey
-P passphrase --local-passphrase passphrase
-Q passphrase --site-passphrase passphrase
file1 [ file2... ]
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Use the specified configuration file.
Specify the local keyfile to use to sign database files and reports.
Specify the site keyfile to use to sign configuration and policy files.
Specify the passphrase to use when signing with the local keyfile.
Specify the passphrase to use when signing with the site keyfile.
List of files to sign using the new key(s).



-m e --examine
-v --verbose
-s --silent, --quiet
-c cfgfile --cfgfile cfgfile
-L localkey --local-keyfile localkey
-S sitekey --site-keyfile sitekey
file1 [ file2... ]
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Use the specified configuration file.
Specifies the key to use as a local key.
Specifies the key to use as a site key.
List of files to examine.



-m G --generate-keys
-v --verbose
-s --silent, --quiet
-L localkey --local-keyfile localkey
-S sitekey --site-keyfile sitekey
-P passphrase --local-passphrase passphrase
-Q passphrase --site-passphrase passphrase
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Generate the local key into the specified file. At least one of (-L) or (-S) must be specified.
Generate the site key into the specified file. At least one of (-S) or (-L) must be specified.
Specify local passphrase to be used when generating the local key.
Specify site passphrase to be used when generating the site key.
‐K size, --key-size size
Specify the key size (1024 or 2048 bits) when generating keys. (Default is 1024.)



-m C --change-passphrases
-v --verbose
-s --silent, --quiet
-L localkey --local-keyfile localkey
-S sitekey --site-keyfile sitekey
-P passphrase --local-passphrase passphrase
-Q passphrase --site-passphrase passphrase
--local-passphrase-old passphraseOld
--site-passphrase-old passphraseOld
Mode selector.
Verbose output mode. Mutually exclusive with (-s).
Silent output mode. Mutually exclusive with (-v).
Change passphrase used to encrypt the private key in the specified localkey file. At least one of (-L) or (-S) must be specified.
Change passphrase used to encrypt the private key in the specified sitekey file. At least one of (-L) or (-S) must be specified.
Specify passphrase used to encrypt the private key in the specified localkey file.
Specify passphrase used to encrypt the private key in the specified sitekey file.
Specify passphrase used to decrypt the private key in the specified localkey file.
Specify passphrase used to decrypt the private key in the specified sitekey file.

twadmin exits 0 on success, 1 on error.

This man page describes twadmin version 2.4.

Tripwire, Inc.

Permission is granted to make and distribute verbatim copies of this man page provided the copyright notice and this permission notice are preserved on all copies.

Permission is granted to copy and distribute modified versions of this man page under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.

Permission is granted to copy and distribute translations of this man page into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by Tripwire, Inc.

Copyright 2000-2018 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. in the United States and other countries. All rights reserved.

twintro(8), tripwire(8), twprint(8), siggen(8), twconfig(4), twpolicy(4), twfiles(5)

04 Jan 2018 Open Source Tripwire 2.4