Recipe 1.1 Setting Up Tripwire

Previous page
Table of content
Next page

1.1.1 Problem

You want to prepare a computer to use Tripwire for the first time.

1.1.2 Solution

After you have installed Tripwire, do the following:

# cd /etc/tripwire # ./twinstall.sh # tripwire --init # rm twcfg.txt twpol.txt

1.1.3 Discussion

The script twinstall.sh performs the following tasks within the directory /etc/tripwire:

  • Creates the site key and the local key, prompting you to enter their passphrases. (If the keys exist, this step is skipped.) The site key is stored in site.key, and the local key in hostname-local.key, where hostname is the hostname of the machine.

  • Signs the default configuration file, twcfg.txt, with the site key, creating tw.cfg.

  • Signs the default policy file, twpol.txt, with the site key, creating tw.pol.

If for some reason your system doesn't have twinstall.sh, equivalent manual steps are:

Helpful variables: DIR=/etc/tripwire SITE_KEY=$DIR/site.key LOCAL_KEY=$DIR/`hostname`-local.key Generate the site key: # twadmin --generate-keys --site-keyfile $SITE_KEY Generate the local key: # twadmin --generate-keys --local-keyfile $LOCAL_KEY Sign the configuration file: # twadmin --create-cfgfile --cfgfile $DIR/tw.cfg \           --site-keyfile $SITE_KEY $DIR/twcfg.txt Sign the policy file: # twadmin --create-polfile --cfgfile $DIR/tw.cfg \           --site-keyfile $SITE_KEY $DIR/twpol.txt Set appropriate permissions: # cd $DIR # chown root:root $SITE_KEY $LOCAL_KEY tw.cfg tw.pol # chmod 600 $SITE_KEY $LOCAL_KEY tw.cfg tw.pol

(Or chmod 640 to allow a root group to access the files.)

These steps assume that your default configuration and policy files exist: twcfg.txt and twpol.txt, respectively. They should have been supplied with the Tripwire distribution. Undoubtedly you'll need to edit them to match your system. [Recipe 1.3] The names twcfg.txt and twpol.txt are mandatory if you run twinstall.sh, as they are hard-coded inside the script.[1]

[1] If they are different on your system, read twinstall.sh to learn the appropriate names.

Next, tripwire builds the Tripwire database and signs it with the local key:

# tripwire --init

Enter the local key passphrase to complete the operation. If tripwire produces an error message like "Warning: File System Error," then your default policy probably refers to nonexistent files. These are not fatal errors: tripwire still ran successfully. At some point you should modify the policy to remove these references. [Recipe 1.3]

The last step, which is optional but recommended, is to delete the plaintext (unencrypted) policy and configuration files:

# rm twcfg.txt twpol.txt

You are now ready to run integrity checks.

1.1.4 See Also

twadmin(8), tripwire(8). If Tripwire isn't included in your Linux distribution, it can be downloaded from the Tripwire project page at http://sourceforge.net/projects/tripwire or http://www.tripwire.org. (Check both to make sure you're getting the latest version.) Basic documentation is installed in /usr/share/doc/tripwire* but does not include the full manual, so be sure to download it (in PDF or source formats) from the SourceForge project page. The commercial Tripwire is found at http://www.tripwire.com.

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Metrics and Models in Software Quality Engineering (2nd Edition)
Adobe After Effects 7.0 Studio Techniques
WebLogic: The Definitive Guide
C & Data Structures (Charles River Media Computer Engineering)
Sap Bw: a Step By Step Guide for Bw 2.0
MPLS Configuration on Cisco IOS Software
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy