Linux Security Cookbook [Electronic resources] - Text version


Daniel J. Barrett, Robert G. Byrnes, Richard Silverman

Recipe 1.1 Setting Up Tripwire



1.1.1 Problem


You want to prepare a computer to use Tripwire for the first time.


1.1.2 Solution


After you have installed Tripwire, do the following:

# cd /etc/tripwire
# ./twinstall.sh
# tripwire --init
# rm twcfg.txt twpol.txt


1.1.3 Discussion


The script twinstall.sh performs the following tasks within the
directory /etc/tripwire:

  • Creates the site key and the local key, prompting you to enter
    their passphrases. (If the keys exist, this step is skipped.)
    The site key is stored in site.key, and the local key in
    hostname-local.key, where hostname is the hostname of the machine.

  • Signs the default configuration file, twcfg.txt, with the site
    key, creating tw.cfg.

  • Signs the default policy file, twpol.txt, with the site key,
    creating tw.pol.



If for some reason your system doesn't have twinstall.sh, equivalent
manual steps are:

Helpful variables:

DIR=/etc/tripwire
SITE_KEY=$DIR/site.key
LOCAL_KEY=$DIR/`hostname`-local.key

Generate the site key:

# twadmin --generate-keys --site-keyfile $SITE_KEY

Generate the local key:

# twadmin --generate-keys --local-keyfile $LOCAL_KEY

Sign the configuration file:

# twadmin --create-cfgfile --cfgfile $DIR/tw.cfg --site-keyfile $SITE_KEY $DIR/twcfg.txt

Sign the policy file:

# twadmin --create-polfile --cfgfile $DIR/tw.cfg --site-keyfile $SITE_KEY $DIR/twpol.txt

Set appropriate permissions:

# cd $DIR
# chown root:root $SITE_KEY $LOCAL_KEY tw.cfg tw.pol
# chmod 600 $SITE_KEY $LOCAL_KEY tw.cfg tw.pol

(Or chmod 640 to allow a root group to access the files.)

These steps assume that your default configuration and policy files
exist: twcfg.txt and twpol.txt, respectively. They should have been
supplied with the Tripwire distribution. Undoubtedly you'll need to
edit them to match your system. [Recipe 1.3] The names twcfg.txt and
twpol.txt are mandatory if you run twinstall.sh, as they are
hard-coded inside the script.[1]

[1] If they are different on your system, read twinstall.sh to learn
the appropriate names.


Next, tripwire builds the Tripwire database and signs it with the
local key:

# tripwire --init

Enter the local key passphrase to complete the operation. If tripwire
produces an error message like "Warning: File System Error," then your
default policy probably refers to nonexistent files. These are not
fatal errors: tripwire still ran successfully. At some point you
should modify the policy to remove these references. [Recipe 1.3]

The last step, which is optional but recommended, is to delete the
plaintext (unencrypted) policy and configuration files:

# rm twcfg.txt twpol.txt

You are now ready to run integrity checks.
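
The following check is an added example, not part of the book or of the Tripwire distribution: it audits the end state this recipe describes (keys and signed files present, owned by root, mode 600 or 640, plaintext twcfg.txt and twpol.txt removed). The function name check_tripwire_dir and its arguments are hypothetical, and it assumes a stat(1) that supports -c, as in GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the book): audit a Tripwire directory after setup.
# Usage (as root): check_tripwire_dir /etc/tripwire
# Arguments: DIR [OWNER_UID] [HOSTNAME]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
# Assumes stat(1) supports -c, as in GNU coreutils.
check_tripwire_dir() {
    dir=$1
    owner=${2:-0}                 # expected owner UID, root by default
    host=${3:-$(hostname)}        # names the local key file
    bad=0

    # Keys and signed files: must exist, belong to $owner, mode 600 or 640.
    for f in site.key "${host}-local.key" tw.cfg tw.pol; do
        path=$dir/$f
        if [ ! -f "$path" ]; then
            echo "MISSING   $path"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$path")
        uid=$(stat -c '%u' "$path")
        case $mode in
            600|640) ;;
            *) echo "MODE      $path is $mode, expected 600 or 640"; bad=1 ;;
        esac
        if [ "$uid" != "$owner" ]; then
            echo "OWNER     $path has uid $uid, expected $owner"
            bad=1
        fi
    done

    # Plaintext sources: the recipe recommends deleting them after signing.
    for f in twcfg.txt twpol.txt; do
        if [ -e "$dir/$f" ]; then
            echo "PLAINTEXT $dir/$f still present"
            bad=1
        fi
    done
    return "$bad"
}
```
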


1.1.4 See Also


twadmin(8), tripwire(8). If Tripwire isn't included in your Linux
distribution, it can be downloaded from the Tripwire project page at
http://sourceforge.net/projects/tripwire or http://www.tripwire.org.
(Check both to make sure you're getting the latest version.) Basic
documentation is installed in /usr/share/doc/tripwire* but does not
include the full manual, so be sure to download it (in PDF or source
formats) from the SourceForge project page. The commercial Tripwire is
found at http://www.tripwire.com.
