How to set up Tripwire on CentOS

Tripwire is a software application that provides data integrity and security for Linux-based operating systems by monitoring changes in certain system files. The open source version is available for free, although it isn't included with Red Hat Enterprise Linux (RHEL). The commercial version of Tripwire is part of the TriSentry suite of security tools available from www.psionic.com. Once Tripwire is downloaded and installed, it needs to be configured for its environment. After being initialized, Tripwire can be started from the command line.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 30 min
RELATED PRODUCTS CentOS-based VPS or dedicated servers

Install Tripwire

Move to the /tmp directory:

# cd /tmp

Download the appropriate distribution package for your system. The following wget command downloads the latest version of Tripwire for a 64-bit Linux system:

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/tripwire-2.4.1.2-11.el6.x86_64.rpm

Install Tripwire with this rpm command:

# rpm -ivh tripwire-2.4.1.2-11.el6.x86_64.rpm

Configure Tripwire

The most common configuration changes for Tripwire deal with sending reports, since email support isn't enabled by default. Modify /etc/tripwire/twcfg.txt to deliver email reports for your environment. Assume for this example that you have a central host named localhost that will send Tripwire reports for you. Change the line that reads "MAILMETHOD =SENDMAIL" to read "MAILMETHOD =SMTP". Add a line below that one that reads "SMTPHOST =localhost".

Edit /etc/tripwire/twpol.txt to provide email reports as needed for each rule. These rules generally begin with lines similar to the following:

rulename = "Tripwire Binaries",
severity = $(SIG_HI)

Add a comma to the end of the severity line above if it's not already present. Add another line below it to provide your email address as follows:

emailto = yourname@yourdomain.com

This section should now appear as follows:

rulename = "Tripwire Binaries",
severity = $(SIG_HI),
emailto = yourname@yourdomain.com
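
The two edits above can be scripted so they are repeatable. The following is an added example, not part of the original article. It goes beyond the single rule shown and adds emailto to every rule attribute block, placing it after the last attribute in the block. The function names set_smtp and add_emailto are hypothetical, and the script assumes each attribute block opens with "(" and closes with ")" on a line of its own, as in the constructed sample.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Both functions are filters: file text on stdin, edited text on stdout.
# set_smtp HOST: the twcfg.txt change (MAILMETHOD =SMTP plus SMTPHOST =HOST).
set_smtp() {
    awk -v host="$1" '
    /^[ \t]*(MAILMETHOD|SMTPHOST)[ \t]*=/ {
        if (!done) { print "MAILMETHOD =SMTP"; print "SMTPHOST =" host; done = 1 }
        next
    }
    { print }
    END { if (!done) { print "MAILMETHOD =SMTP"; print "SMTPHOST =" host } }'
}

# add_emailto ADDR: the twpol.txt change, applied to every rule attribute block.
# Assumes each block opens with "(" and closes with ")" on a line of its own.
add_emailto() {
    awk -v addr="$1" '
    function flush(   i, ind) {
        for (i = 1; i <= n; i++) {
            if (i == last && !has) {          # last attribute, no emailto yet
                if (buf[i] !~ /,[ \t]*$/) sub(/[ \t]*$/, ",", buf[i])
                match(buf[i], /^[ \t]*/); ind = substr(buf[i], 1, RLENGTH)
                print buf[i]; print ind "emailto = " addr
            } else print buf[i]
        }
        n = 0
    }
    /^[ \t]*\([ \t]*$/ { inblk = 1; n = 0; last = 0; has = 0; print; next }
    inblk && /^[ \t]*\)[ \t]*$/ { flush(); inblk = 0; print; next }
    inblk {
        buf[++n] = $0
        if ($0 ~ /^[ \t]*emailto[ \t]*=/) has = 1
        if ($0 !~ /^[ \t]*#/ && $0 !~ /^[ \t]*$/) last = n   # skip comments/blanks
        next
    }
    { print }
    END { if (inblk) { has = 1; flush() } }   # unclosed block: emit unchanged
    '
}

# Constructed sample input (not a real policy file).
SAMPLE_POL='(
  rulename = "Tripwire Binaries",
  severity = $(SIG_HI)
)
{
  $(TWBIN)/siggen -> $(SEC_BIN) ;
}'
printf '%s\n' "$SAMPLE_POL" | add_emailto yourname@yourdomain.com
```

Write the output to a new file and compare it against the original before replacing /etc/tripwire/twpol.txt or /etc/tripwire/twcfg.txt. Running either filter a second time leaves already-edited text unchanged.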

Create the key files

Enter the following command to generate the key files for your machine:

# /usr/sbin/tripwire-setup-keyfiles

The above command will prompt you for a pass phrase for site key files, which you'll need to enter twice. You'll also provide a pass phrase for local key files by entering it twice. You'll then provide the appropriate pass phrase to generate the keys for the site and local key files.

Initialize the Tripwire database

The following command will initialize the Tripwire database:

# tripwire --init

Enter the local pass phrase when prompted. The initialization process will normally require at least several minutes and generate many warnings for missing files.

Start Tripwire

Start Tripwire with the following command line:

# tripwire --check --interactive

This command will perform an integrity check, after which you'll be prompted for your local pass phrase to write the database file.

