How to set up Tripwire on CentOS

Tripwire is a software application that provides data integrity and security for Linux-based operating systems by monitoring changes in certain system files. The open source version is available for free, although it isn't included with Red Hat Enterprise Linux (RHEL). The commercial version of Tripwire is part of the TriSentry suite of security tools available from www.psionic.com. Once Tripwire is downloaded and installed, it needs to be configured for its environment. After being initialized, Tripwire can be started from the command line.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 30 min
RELATED PRODUCTS CentOS-based VPS or dedicated servers

Install Tripwire

Move to the /tmp directory:

# cd /tmp

Download the appropriate distribution package for your system. The following wget command downloads the latest version of Tripwire for a 64-bit Linux system:

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/tripwire-2.4.1.2-11.el6.x86_64.rpm

Install Tripwire with this rpm command:

# rpm -ivh tripwire-2.4.1.2-11.el6.x86_64.rpm

Configure Tripwire

The most common configuration changes for Tripwire deal with sending reports, since email support isn't enabled by default. Modify /etc/tripwire/twcfg.txt to deliver email reports for your environment. Assume for this example that you have a central host named localhost that will send Tripwire reports for you. Change the line that reads "MAILMETHOD =SENDMAIL" to read "MAILMETHOD =SMTP". Add a line below that one that reads "SMTPHOST =localhost".

Edit /etc/tripwire/twpol.txt to provide email reports as needed for each rule. These rules generally begin with lines similar to the following:

rulename = "Tripwire Binaries",
severity = $(SIG_HI)

Add a comma to the end of the severity line above if it's not already present. Add another line below it to provide your email address as follows:

emailto = yourname@yourdomain.com

This section should now appear as follows:

rulename = "Tripwire Binaries",
severity = $(SIG_HI),
emailto = yourname@yourdomain.com
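
The two edits above can be scripted so they are repeatable and safe to re-run. The following is an added example, not part of the original article: the function names set_smtp_mail and add_emailto and the sample file contents are constructed for illustration, and it assumes severity is the last attribute of each rule, as in the rule shown above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and sample
# file contents are constructed; run it against copies before real files.

# Set MAILMETHOD to SMTP and keep exactly one SMTPHOST line right below it.
set_smtp_mail() {    # usage: set_smtp_mail <twcfg.txt> <smtp-host>
    awk -v host="$2" '
        /^[ \t]*SMTPHOST[ \t]*=/ { next }
        /^[ \t]*MAILMETHOD[ \t]*=/ { print "MAILMETHOD =SMTP"; print "SMTPHOST =" host; next }
        { print }
    ' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# After every severity line: ensure a trailing comma, then add emailto
# unless one already follows. Assumes severity is the last rule attribute.
add_emailto() {      # usage: add_emailto <twpol.txt> <address>
    awk -v addr="$2" '
        function emit_sev(nextline) {
            sub(/[ \t]+$/, "", sev)
            if (sev !~ /,$/) sev = sev ","
            print sev
            if (nextline !~ /^[ \t]*emailto[ \t]*=/) print ind "emailto = " addr
            have = 0
        }
        have { emit_sev($0) }
        /^[ \t]*severity[ \t]*=/ { sev = $0; ind = $0; sub(/[^ \t].*$/, "", ind); have = 1; next }
        { print }
        END { if (have) emit_sev("") }
    ' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Constructed sample input mirroring the lines quoted in the article.
demo=$(mktemp -d)
printf 'MAILMETHOD             =SENDMAIL\nMAILPROGRAM =/usr/sbin/sendmail -oi -t\n' > "$demo/twcfg.txt"
printf '(\n  rulename = "Tripwire Binaries",\n  severity = $(SIG_HI)\n)\n' > "$demo/twpol.txt"
set_smtp_mail "$demo/twcfg.txt" localhost
add_emailto "$demo/twpol.txt" yourname@yourdomain.com
cat "$demo/twcfg.txt" "$demo/twpol.txt"
```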

Create the key files

Enter the following command to generate the key files for your machine:

# /usr/sbin/tripwire-setup-keyfiles

The above command will prompt you for a pass phrase for site key files, which you'll need to enter twice. You'll also provide a pass phrase for local key files by entering it twice. You'll then provide the appropriate pass phrase to generate the keys for the site and local key files.

Initialize the Tripwire database

The following command will initialize the Tripwire database:

# tripwire --init

Enter the local pass phrase when prompted. The initialization process will normally require at least several minutes and generate many warnings for missing files.

Start Tripwire

Start Tripwire with the following command line:

# tripwire --check --interactive

This command will perform an integrity check, after which you'll be prompted for your local pass phrase to write the database file.

