Tripwire on your Fedora Box

by Krishnan Subramanian

The direct URL is:

http://download.fedora.us/fedora/fedora/1/i386/RPMS.testing/tripwire-2.3.1-18.fdr.3.1.i386.rpm

To use apt-get, make sure your /etc/apt/sources.list includes the following:

# Fedora.us
rpm http://download.fedora.us/fedora/ fedora/1/i386 os stable unstable testing updates updates-testing
rpm-src http://download.fedora.us/fedora/ fedora/1/i386 os stable unstable testing updates updates-testing

If you want to use yum to get tripwire, make sure your /etc/yum.conf includes the following:

[fedora.us-testing]
name=Fedora.us testing
baseurl=http://download.fedora.us/fedora/fedora/1/i386/yum/testing

For using up2date, make sure your /etc/sysconfig/rhn/sources has the following entry:

yum fedora-testing http://download.fedora.us/fedora/fedora/1/i386/yum/testing
Thanks to Keith G. Robertson-Turner, maintainer of the Fedora Tripwire (GPL) package, for the above links and for pointing me to certain security issues to be emphasized in this article. He has also given me some handy scripts to distribute to Fedoranews.org users. If you are installing Tripwire on your system, they will be of great use to you. Download the script archive (tripwire-scripts.sea.bin.tar.bz2) to any directory (say /tmp). Log in as root and change to the directory where you downloaded it:

# cd /tmp
# tar -jxvf tripwire-scripts.sea.bin.tar.bz2
# sh tripwire-scripts.sea.bin

This will create the directory /root/scripts/ and put all the scripts there. From this directory, you can run any script you want. These scripts can be used to run a tripwire check, update the database with recent reports, and update the tripwire policy.

Keith G. Robertson-Turner has forwarded the following information, which will help Fedoranews.org readers.

The following is classified as "development status", although probably good enough for public release. It is *not* officially endorsed by Fedora ... yet.

tripwire-2.3.1-18.fdr.8.i386.rpm
tripwire-2.3.1-18.fdr.8.gpg.md5
GENESIS-RPM-KEY.asc
and
tripwire-scripts-2.3.1-18.fdr.8.sea.bin.tar.bz2

The biggest changes are:

  • Complete overhaul of the default tripwire Policy; there shouldn't be too much left to "cull" from twpol.txt now, on an "everything" Fedora install.
  • The "real" hostname is now set in the twpol.txt, by %post scripts; one less thing to edit.
  • Updated scripts, including a new one "twpol-validator.sh", which can check your filesystems for all the files referenced in twpol.txt *before* you set up Tripwire. No more "check/edit/update" endless cycle.

Here's the full changelog since 2.3.1-18.fdr.3:

* Sun Feb 29 2004 Keith G. Robertson-Turner
 0:2.3.1-18.fdr.8

= Default policy overhaul
= Spec cleanup

* Sun Feb 22 2004 Keith G. Robertson-Turner
 0:2.3.1-18.fdr.7

= Moved documentation data out of package description

* Sat Feb 21 2004 Keith G. Robertson-Turner
 0:2.3.1-18.fdr.6

= Removed explicit Buildrequires gcc-c++

* Fri Feb 20 2004 Keith G. Robertson-Turner
 0:2.3.1-18.fdr.5

= Finally moved twinstall.sh from the sysconfdir to the sbindir, since
  it is not a configuration file. Fixes Red Hat bug #61855
= Renamed twinstall.sh to tripwire-setup-keyfiles, since the name is
  misleading. It is setting up keyfiles, not installing an application
= Minor correction to twinstall.sh (now tripwire-setup-keyfiles), which
  made an incorrect reference to the site key rather than the local key
= Long overdue default policy update
= Added explicit Buildrequires gcc-c++, to satisfy mach

* Thu Feb 19 2004 Keith G. Robertson-Turner
 0:2.3.1-18.fdr.4

= Fixed siggen.8 man page, broken command synopsis syntax. Submitted by
  doclifter
= Set real hostname in post, so Tripwire works first time, without
  editing twpol.txt
= More accurate package summary
= Spec cleanup

Note the package summary and description have been updated; however, most people will probably not see that change (with e.g. "rpm -qi tripwire") because of a useless package called "specspo". I highly recommend that you:

rpm -ev specspo

It has no dependent packages, is useless to most people, and only serves to interfere with updated package summaries and descriptions.

For full details of the specspo problem, go to:

http://bugzilla.fedora.us/show_bug.cgi?id=1308#c7
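The twpol-validator.sh idea described in the change list above (checking that every path twpol.txt references actually exists before Tripwire is initialised, instead of discovering stale entries through the check/edit/update cycle) can be reproduced in a few lines of POSIX shell. The script below is an added example written for this article, not Keith's twpol-validator.sh or any file from the package; it assumes the usual twpol.txt line shapes and runs against a constructed policy fragment whose /nonexistent/fedoranews-demo entry is deliberately absent.

```shell
#!/bin/sh
# Added example (my own, not the package's twpol-validator.sh): list the paths a
# Tripwire policy file references and report those absent from this system, so
# stale entries can be culled from twpol.txt before the first database init.
# Assumes the usual line shapes  /path -> $(RULE) ;  and  !/path ;  and does not
# handle quoted paths containing whitespace.

# Print each filesystem path referenced in the policy file $1, one per line.
twpol_paths() {
  awk '
    { sub(/#.*/, "") }                        # drop comments
    /^[[:space:]]*!?\/[^[:space:];]+/ {       # rule line or "!" exclusion
      p = $0
      sub(/^[[:space:]]*!?/, "", p)           # strip leading blanks and "!"
      sub(/[[:space:];].*$/, "", p)           # keep only the path token
      print p
    }' "$1"
}

# Print "missing: <path>" for every referenced path that does not exist.
# Exit status 0 when all paths exist, 1 when at least one is missing.
twpol_missing() {
  missing=0
  for p in $(twpol_paths "$1"); do
    if [ ! -e "$p" ]; then
      printf 'missing: %s\n' "$p"
      missing=1
    fi
  done
  return "$missing"
}

# Constructed sample fragment in twpol.txt syntax (not the Fedora policy);
# /nonexistent/fedoranews-demo is deliberately absent.
sample_policy() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
SEC_CRIT = $(IgnoreNone)-SHa ;   # critical files that must never change
( rulename = "Critical system files", severity = 100 )
{
  /etc/passwd                  -> $(SEC_CRIT) ;
  /bin/sh                      -> $(SEC_CRIT) (recurse = 0) ;
  /nonexistent/fedoranews-demo -> $(SEC_CRIT) ;
  !/tmp ;
}
EOF
  printf '%s\n' "$f"
}
if twpol_missing "$(sample_policy)"; then echo "all policy paths present"; fi
```

Run it against the real /etc/tripwire/twpol.txt and delete or correct every reported line before running tripwire --init.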