| |
|
Home
|
| Red Hat Linux 7.2: The Official Red Hat Linux Reference Guide |
|---|
| Prev | Chapter 11. Installing and Configuring Tripwire | Next |
Once installed, Tripwire must also be
correctly initialized to be able to keep a close watch on your
files. These sections detail how to install the program, if it is not
already present on your system, and then how to initialize the
Tripwire database.
The easiest way to install Tripwire is to install
the tripwire RPM during the Red Hat Linux 7.2 installation
process. However, if you've already installed Red Hat Linux 7.2, you can use
RPM, Gnome-RPM,
or Kpackage to install the
Tripwire RPM from the Red Hat Linux 7.2
CD-ROMs. The following steps outline this process using
RPM:
Locate the RedHat/RPMS directory on the Red Hat Linux
7.2 CD-ROM.
Locate the tripwire binary RPM by typing
ls -l tripwire* in the
RedHat/RPMS directory.
Type rpm -Uvh <name>
(where <name> is the
name of the Tripwire RPM found in step
2)
After installing the tripwire RPM,
follow the post-installation instructions outlined below.
 | Note |
|---|
| | The release notes and README file are located in
/usr/share/doc/tripwire-<version-number>.
These documents contain important information about the default
policy file and other issues.
|
The tripwire RPM installs the program files
needed to run the software. After you've installed
Tripwire, you must configure it for your
system as outlined in the following steps:
If you already know of several changes that should be made to the
configuration file (/etc/tripwire/twcfg.txt)
or the policy file (/etc/tripwire/twpol.txt),
edit those files now.
| Note |
|---|
| | While you should edit your configuration and policy files
to customize Tripwire to your
particular situation, editing the configuration or policy files is
not required to use Tripwire. If
you plan to modify the configuration or policy files, you must
make these changes before running the configuration script
(/etc/tripwire/twinstall.sh). If you modify the
configuration or policy files after running the configuration
script, you must re-run the configuration script before
initializing the database file. Keep in mind that you
can edit the configuration and policy files
after initializing the database file and
running an integrity check.
|
Type /etc/tripwire/twinstall.sh at the command
line as root and press [Enter] to run the
configuration script. The twinstall.sh script
walks you through the processes of setting passphrases, generating
the cryptographic keys that protect the
Tripwire configuration and policy
files, and signing these files. See the section called Selecting Passphrases for more information on
setting passphrases.
| Note |
|---|
| | Once encoded and signed, the configuration file
(/etc/tripwire/tw.cfg) and policy file
(/etc/tripwire/tw.pol) generated by
running the /etc/tripwire/twinstall.sh
script should not be renamed or moved.
|
Initialize the Tripwire database file
by issuing the /usr/sbin/tripwire --init
command at the command line.
Run the first integrity check comparing your new
Tripwire database to your system files
by issuing the /usr/sbin/tripwire --check
command at the command line and looking for errors in the
generated report.
Once you finish these steps successfully,
Tripwire has the baseline snapshot of your
filesystem that it needs to check for changes to critical
files. Additionally, the tripwire RPM adds a file
called tripwire-check to the
/etc/cron.daily directory that will automatically
run an integrity check once per day.
|
|
|
|
|
|
|
|
Disclaimer: For authoritative source or latest update to this
documentation, please refer to http://www.redhat.com/docs/manuals/linux/ |
|
 |
|
|
|
Quotes: Imagination is a quality given a man to compensate him for what he is not, and a sense of humor was provided to console him for what he is.The uglier a man's legs are, the better he plays golf. It's almost a law.
|
|
|
|
|
|
|
