Chapter 11. Tripwire


149


Warning


For security purposes, you should either delete or store in a secure location any copies of the plain


text /etc/tripwire/twpol.txt file after running the installation script or regenerating a signed con 


figuration file. Alternatively, you can change the permissions so that it is not world readable.


11.3.3. Run the


twinstall.sh


Script


As the root user, type


/etc/tripwire/twinstall.sh


at the shell prompt to run the configuration


script. The


twinstall.sh


script will ask you for site and local passwords. These passwords are used


to generate cryptographic keys for protecting Tripwire files. The script then creates and signs these


files.


When selecting the site and local passwords, you should consider the following guidelines:


Use at least eight alphanumeric and symbolic characters, but for each password do not exceed 1023.


Do not use quotes in a password.


Make the Tripwire passwords completely different from the root or any other password for the


system.


Use unique passwords for both the site key and the local key.


The site key password protects the Tripwire configuration and policy files. The local key password


protects the Tripwire database and report files.


Warning


There is no way to decrypt a signed file if you forget your password. If you forget the passwords, the


files are unusable and you will have to run the configuration script again.


By encrypting its configuration, policy, database, and report files, Tripwire protects them from being


viewed by anyone who does not know the site and local passwords. This means that, even if an intruder


obtains root access to your system, they will not be able to alter the Tripwire files to hide their tracks.


Once encrypted and signed, the configuration and policy files generated by running the


twinstall.sh


script should not be renamed or moved.


11.4. Initialize the Tripwire Database


Initialize the Tripwire database file by issuing the


/usr/sbin/tripwire   init


command at the


command line.


When initializing its database, Tripwire builds a collection of file system objects based on the rules in


the policy file. This database serves as the baseline for integrity checks.


To initialize the Tripwire database, use the following command:


/usr/sbin/tripwire   init


This command can take several minutes to run.


Once you finish these steps successfully, Tripwire has the baseline snapshot of your file system nec 


essary to check for changes in critical files. After initializing the Tripwire database, you should run








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved