Installing and Configuring Tripwire 2.2.1 on SuSE 6.x
Home Page: http://www.tripwiresecurity.com
Tripwire is a straightforward tool with a single purpose: detect any
variance in file integrity. This means that Tripwire can absolutely,
unequivocally determine if a protected file has been altered in a way that
violates the policy set by the administrator. Tripwire can also determine
if files have been added to or deleted from protected system directories
and much more.
Tripwire was written to work under Red Hat but with a few easy
modifications to the install.cfg file and the policy text file you can
make it work under SuSE 6.x.
With this NHF I have included a SuSE specific policy text file called
suse.txt. The policy text file is
used to create a Tripwire policy file.
Note, since I do not have X on my system I removed references to the X
files from the suse.txt file, if
you want to add them back, just copy the X references from the twpol.txt
file and add them to the suse.txt
file. If your already confused don't worry, this is really easy and you'll
understand more as you get further into this NHF.
1. Download a copy of Tripwire 2.2.1 from www.tripwiresecurity.com
2. Unpack the tar.gz file you downloaded. I unpacked mine into /tmp
3. cd /tmp or to the directory to which you unpacked Tripwire.
4. Edit the file install.cfg and change the value of TWEDITOR from
"/bin/vi" to "/usr/bin/vi" Note: install.cfg will be opened as read
only so when you make the changes and you exit use the command
6. Run the install script by typing ./install.sh
If your installing Tripwire onto a Linux distro other than RH 5.2 or
6.0 then you will get a warning message asking if you want to continue,
just type y to continue.
7. Press Enter to view the license agreement.
8. Press q to exit the license agreement.
9. Type accept to accept the license agreement.
10. You will now get a message showing you where files will be copied to
by default and it will ask if you want to continue. Type y then
11. Enter a site keyfile passphrase of your choice.
12. Verify a site keyfile passphrase.
13. Enter a local keyfile passphrase of your choice.
14. Verify a local keyfile passphrase.
15. Enter the site keyfile passphrase when prompted.
16. Enter the site keyfile passphrase again.
That's it, Tripwire has been installed into /usr/TSS if you chose
the default directory.
Create the Policy File:
The suse.txt file is used to
generate the Tripwire policy file. If you edit this file you will see all
of the files and directories that will be monitored by Tripwire. I would
suggest getting a copy of the Tripwire pdf file to learn more about the
features of the policy file.
1. Click here to get a copy of the suse.txt file.
2. Copy or download the suse.txt
file to the /usr/TSS/policy directory.
3. Edit the suse.txt file and
change the HOSTNAME to whatever your hostname is.
4. cd to /usr/TSS/bin
5. Enter this command ./twadmin --create-polfile
6. Enter your site passphrase when prompted.
You will now find a file called tw.pol in /usr/TSS/policy
Initialize the Tripwire Database
This is very easy.
1. cd /usr/TSS/bin
2. Run the command ./tripwire --init
3. Enter your local passphrase
You may get a warning that a file or directory does not exist. For
example, the suse.txt policy file
assumes your running Samba. If your not running Samba, you will get an
error such as this:
### Warning: File system error.
### Filename: /etc/smb.conf
### No such file or directory
You will get this error if you do not have this particular application
or if the file is located in a different directory. You can do one of
two things, vi the suse.txt file
and remove the reference to the file and or directory that wasnt found or
you can edit the suse.txt file and
put the path to the file or directory. Once you do this, you will have to
go back to step 4 under "CREATING THE POLICY FILE" then repeat the steps
in "INITIALIZE THE TRIPWIRE DATABASE"
That's it, you have installed Tripwire, created the site policy file and
initialized the database. If you havn't downloaded the Tripwire users
guide in .pdf format I suggest you do since thise NHF doesnt cover how to
operate Tripwire nor does this NHF cover all of Tripwires options.
Good luck and have fun!