Chapter 11. Tripwire
1. Install Tripwire and customize the policy file.
Install the tripwire RPM (Section 11.2). Then, customize the sample configuration and policy files (/etc/tripwire/twcfg.txt and /etc/tripwire/twpol.txt respectively) and run the configuration script, /etc/tripwire/twinstall.sh. For more information, see Section 11.3.
2. Initialize the Tripwire database.
Build a database of critical system files to monitor based on the contents of the new, signed Tripwire policy file, /etc/tripwire/tw.pol. For more information, see Section 11.4.
3. Run a Tripwire integrity check.
Compare the newly created Tripwire database with the actual system files, looking for missing or altered files. For more information, see Section 11.5.
4. Examine the Tripwire report file.
View the Tripwire report file using /usr/sbin/twprint to note integrity violations. For more information, see Section 11.6.1.
5. If unauthorized integrity violations occur, take appropriate security measures.
If monitored files have been altered inappropriately, you can replace the original files from backup copies, reinstall the program, or completely reinstall the operating system.
6. If the file alterations were valid, verify and update the Tripwire database file.
If the changes made to monitored files are intentional, edit Tripwire's database file to ignore those changes in subsequent reports. For more information, see Section 11.7.
7. If the policy file fails verification, update the Tripwire policy file.
To change the list of files Tripwire monitors or how it treats integrity violations, update the supplied policy file (/etc/tripwire/twpol.txt), regenerate a signed copy (/etc/tripwire/tw.pol), and update the Tripwire database. For more information, see Section 11.8.
Refer to the appropriate sections within this chapter for detailed instructions on each step.
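The baseline-and-compare idea behind steps 2 and 3, as an added example that is not from the original guide and is not Tripwire's own code: a shell illustration built on sha256sum. The function names fim_init, fim_check and fim_demo and the sample files are constructed for illustration; unlike Tripwire's database, the baseline here is unsigned, so it must be stored where an intruder cannot rewrite it.

```shell
#!/bin/sh
# Illustration of "initialize a database, then run an integrity check".
# Not Tripwire's database format; the function names are hypothetical.

# fim_init DIR DB: record a SHA-256 hash for every regular file under DIR.
# Keep DB outside DIR so the baseline is not hashed into itself.
fim_init() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# fim_check DIR DB: compare DIR against the baseline in DB.
# Prints one line per violation; returns 0 if clean, 1 if anything differs.
fim_check() {
    now=$(mktemp) || return 2
    fim_init "$1" "$now"
    # sha256sum lines are 64 hex digits, two separator characters, then the
    # path, so the path starts at column 67 even when it contains spaces.
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }   # baseline pass
        { seen[path] = 1
          if (!(path in base))         print "ADDED   " path
          else if (base[path] != hash) print "ALTERED " path }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# fim_demo: constructed sample tree in a temporary directory.
fim_demo() {
    root=$(mktemp -d) || return 2
    mkdir "$root/etc"
    printf 'root:x:0:0\n'          > "$root/etc/passwd"
    printf 'PermitRootLogin no\n'  > "$root/etc/sshd_config"
    printf 'nameserver 192.0.2.1\n' > "$root/etc/resolv.conf"
    fim_init "$root/etc" "$root/baseline.db"                  # step 2
    printf 'PermitRootLogin yes\n' > "$root/etc/sshd_config"  # altered
    rm "$root/etc/resolv.conf"                                # missing
    printf 'extra\n' > "$root/etc/new.conf"                   # added
    fim_check "$root/etc" "$root/baseline.db" || true         # step 3
    rm -rf "$root"
}

fim_demo
```

Each reported line then needs the decision described in steps 5 and 6: restore the file if the change was unauthorized, or re-run fim_init to accept a valid change into the baseline.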
11.2. Installing the Tripwire RPM
The easiest way to install Tripwire is to select the tripwire RPM during the Red Hat Linux 8.0 installation process. However, if you have already installed Red Hat Linux 8.0, you can use rpm or Package Management Tool (redhat-config-packages) to install the Tripwire RPM from the Red Hat Linux 8.0 CD-ROMs.
If you are not sure whether or not Tripwire is installed, type the following command at a shell prompt:
rpm -q tripwire
If Tripwire is installed, this command will return the following:
tripwire-<version-number>
The following steps outline how to find and install Tripwire from CD-ROM using the RPM command line application:
1. Insert CD 2 of the Red Hat Linux 8.0 installation CD-ROMs.