Red Hat Linux 7.3: The Official Red Hat Linux Reference Guide
Chapter 12. Installing and Configuring Tripwire

Once installed, Tripwire must also be
correctly initialized to be able to keep a close watch on your
files. These sections detail how to install the program, if it is not
already present on your system, and then how to initialize the
Tripwire database.
The easiest way to install Tripwire is to install
the tripwire RPM during the Red Hat Linux 7.3 installation
process. However, if you have already installed Red Hat Linux 7.3, you can use
RPM, Gnome-RPM,
or Kpackage to install the
Tripwire RPM from the Red Hat Linux 7.3
CD-ROMs. The following steps outline this process using
RPM:

1. Locate the RedHat/RPMS directory on the Red Hat Linux 7.3 CD-ROM.
2. Locate the tripwire binary RPM by typing ls -l tripwire* in the RedHat/RPMS directory.
3. Type rpm -Uvh <name> (where <name> is the name of the Tripwire RPM found in step 2).

After installing the tripwire RPM, follow
the post-installation instructions outlined below.

Note: The release notes and README file are located in
/usr/share/doc/tripwire-<version-number>.
These documents contain important information about the default
policy file and other issues.

The tripwire RPM installs the program files
needed to run the software. After you have installed
Tripwire, you must configure it for your
system as outlined in the following steps:

1. If you already know of several changes that should be made to the
   configuration file (/etc/tripwire/twcfg.txt)
   or the policy file (/etc/tripwire/twpol.txt),
   edit those files now.

   Note: While you should edit your configuration and policy files
   to customize Tripwire to your particular situation, editing the
   configuration or policy files is not required to use Tripwire. If
   you plan to modify the configuration or policy files, you must
   make these changes before running the configuration script
   (/etc/tripwire/twinstall.sh). If you modify the
   configuration or policy files after running the configuration
   script, you must re-run the configuration script before
   initializing the database file. Keep in mind that you
   can edit the configuration and policy files
   after initializing the database file and
   running an integrity check.

2. Type /etc/tripwire/twinstall.sh at the command
   line as root and press [Enter] to run the
   configuration script. The twinstall.sh script
   walks you through the processes of setting passphrases, generating
   the cryptographic keys that protect the Tripwire configuration and
   policy files, and signing these files. See the Section called
   Selecting Passphrases for more information on setting passphrases.

   Note: Once encoded and signed, the configuration file
   (/etc/tripwire/tw.cfg) and policy file
   (/etc/tripwire/tw.pol) generated by
   running the /etc/tripwire/twinstall.sh
   script should not be renamed or moved.

3. Initialize the Tripwire database file by issuing the
   /usr/sbin/tripwire --init command at the
   command line.

4. Run the first integrity check comparing your new Tripwire
   database to your system files by issuing the
   /usr/sbin/tripwire --check command at the
   command line and looking for errors in the generated report.

Once you finish these steps successfully,
Tripwire has the baseline snapshot of your
filesystem that it needs to check for changes to critical
files. Additionally, the tripwire RPM adds a file
called tripwire-check to the
/etc/cron.daily directory that will automatically
run an integrity check once per day.
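
The ordering rule in the note above (edits to twcfg.txt or twpol.txt made after twinstall.sh has run require re-running it before initializing the database) can be checked before typing tripwire --init. The following shell function is an added example, not part of the Red Hat guide or the tripwire RPM; the name tw_preflight and the use of file modification times as the signal are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before /usr/sbin/tripwire --init.
# Assumption: a plain-text file whose mtime is later than that of its
# signed counterpart was edited after twinstall.sh last ran.

# tw_preflight [DIR]   (DIR defaults to /etc/tripwire)
#   returns 0  tw.cfg and tw.pol exist and no text file is newer
#   returns 1  tw.cfg or tw.pol is missing (twinstall.sh has not run)
#   returns 2  twcfg.txt or twpol.txt changed after signing
tw_preflight() {
    dir=${1:-/etc/tripwire}
    result=0
    for pair in twcfg.txt:tw.cfg twpol.txt:tw.pol; do
        src=$dir/${pair%%:*}       # editable plain-text file
        signed=$dir/${pair##*:}    # encoded and signed file
        if [ ! -f "$signed" ]; then
            echo "missing $signed: run $dir/twinstall.sh" >&2
            return 1
        fi
        # find -newer prints the text file only when its mtime is
        # later than the signed file's mtime.
        if [ -f "$src" ] && [ -n "$(find "$src" -newer "$signed")" ]; then
            echo "$src is newer than $signed: re-run $dir/twinstall.sh" >&2
            result=2
        fi
    done
    return $result
}
```

A return value of 2 means the signed policy or configuration does not reflect the latest text edits, so a database initialized at that point would be built from the older settings.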

Disclaimer: For authoritative source or latest update to this
documentation, please refer to http://www.redhat.com/docs/manuals/linux/