Tripwire on your Fedora Box

by Krishnan Subramanian

Now change to the /etc/tripwire/ directory:
# cd /etc/tripwire/
If you want, you can edit twcfg.txt and twpol.txt to match your security policy. The file twcfg.txt holds Tripwire's runtime configuration: the location of some of its dependencies and its runtime behaviour. It is fine to leave this file as it is. The file twpol.txt is the text version of the rules for the various files and directories. If you are not sure of what you are doing, leave it as it is except for the hostname change described below. If there are files, directories or other objects that are not included in the list, you can add them in this file, and you can otherwise modify it to suit your security policy. The most important thing to change in twpol.txt is on line 65:
HOSTNAME=localhost;
This must be changed to the actual hostname, otherwise Tripwire will be unable to find the all-important report files. You probably already know your system's hostname, but if you don't, it can be determined with either of the following commands:
echo $HOSTNAME
or
uname -n
In short, I would advise the newbies to just edit twpol.txt to change the hostname, but leave twcfg.txt alone. Do not modify twpol.txt any further unless you know what you are doing.

Please note that after you finish the installation and checking, you should move twcfg.txt and twpol.txt to removable media or encrypt them with a GPG key or another encryption method. This is vital: leaving the clear-text policy and configuration on the host defeats the very purpose of an intrusion detection system. Do not move these files yet, though; doing so now will produce error messages.

The following step asks for a passphrase. Choose one that is difficult to guess (as you would for your Linux password), and preferably not the same as your Linux password. I want to emphasize that this passphrase should be non-trivial: it should contain a mixture of upper-case and lower-case letters, numbers and other characters. Also make sure that you never forget it. Now run the script twinstall.sh. It acquires the site and local passphrases and performs other initialization. Passphrases should be at least 8 characters and at most 1023 characters.

# ./twinstall.sh

----------------------------------------------
The Tripwire site and local passphrases are used to
sign a variety of files, such as the configuration,
policy, and database files.

Passphrases should be at least 8 characters in length
and contain both letters and numbers.

See the Tripwire manual for more information.

----------------------------------------------
Creating key files...
The site key file "/etc/tripwire/site.key"
is created
The site key file "/etc/tripwire/yourmachinename-local.key"
is created.

----------------------------------------------
Signing configuration file...
Please enter your site passphrase:
Wrote configuration file: /etc/tripwire/tw.cfg

A clear-text version of the Tripwire configuration file
/etc/tripwire/twcfg.txt
has been preserved for your inspection.  It is recommended
that you delete this file manually after you have examined it.


----------------------------------------------
Signing policy file...
Please enter your site passphrase:
Wrote policy file: /etc/tripwire/tw.pol

A clear-text version of the Tripwire policy file
/etc/tripwire/twpol.txt
has been preserved for your inspection.  This implements
a minimal policy, intended only to test essential
Tripwire functionality.  You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.
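As an added example, not code from the original article, the following POSIX shell script automates the two checks this procedure depends on: that HOSTNAME in twpol.txt matches the name reported by uname -n before twinstall.sh signs the policy, and that the clear-text twcfg.txt and twpol.txt are no longer lying in the Tripwire directory afterwards. The function names, the temporary directory and the sample policy fragment are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original article: check that the HOSTNAME
# setting in a twpol.txt-style policy file matches the machine name Tripwire
# will use, fix it if not, and report clear-text files left behind after
# signing. The directory and sample policy text below are constructed.

# Print the value of the first "HOSTNAME=...;" line in policy text file $1.
policy_hostname() {
    sed -n 's/^[[:space:]]*HOSTNAME[[:space:]]*=[[:space:]]*\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Make HOSTNAME in policy file $1 equal to $2 (normally the output of uname -n).
# Prints "unchanged", "updated" or "missing" and always returns 0, so it is
# safe to call under set -e. Hostnames contain no sed metacharacters.
set_policy_hostname() {
    file=$1
    want=$2
    have=$(policy_hostname "$file")
    if [ -z "$have" ]; then
        echo missing
    elif [ "$have" = "$want" ]; then
        echo unchanged
    else
        tmp=$(mktemp)
        sed "s/^\([[:space:]]*HOSTNAME[[:space:]]*=[[:space:]]*\)[^;]*;/\1${want};/" "$file" > "$tmp"
        mv "$tmp" "$file"
        echo updated
    fi
}

# List the clear-text files twinstall.sh leaves in directory $1. Once the
# database is initialised they should be moved off the host or encrypted:
# they tell an intruder exactly which objects are being watched.
cleartext_left_behind() {
    for f in twcfg.txt twpol.txt; do
        [ -e "$1/$f" ] && echo "$f"
    done
    return 0
}

# Self-contained demonstration on a constructed policy fragment.
demo_dir=$(mktemp -d)
printf '%s\n' '@@section GLOBAL' 'HOSTNAME=localhost;' 'TWROOT=/usr/sbin;' > "$demo_dir/twpol.txt"
set_policy_hostname "$demo_dir/twpol.txt" "$(uname -n)"   # prints: updated (unchanged if this host is really named localhost)
policy_hostname "$demo_dir/twpol.txt"                      # prints this machine's name
cleartext_left_behind "$demo_dir"                          # prints: twpol.txt
```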

Tripwire database initialization

The following command initializes the database used by Tripwire. It might take several minutes. You will see several messages, including "no such file or directory" errors; these are not a problem and you can safely ignore them for the time being.

# /usr/sbin/tripwire --init
Please enter your local passphrase:
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
### Warning: File system error.
### Filename: /sbin/accton
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /sbin/busybox
### No such file or directory
### Continuing...
...
...
...
### Warning: File system error.
### Filename: /root/.gnome-desktop
### No such file or directory
### Continuing...
Wrote database file: /var/lib/tripwire/yourmachinename.twd
The database was successfully generated.
If everything goes right, you will get a message that the database was generated.