Chapter 5. Intrusion Detection Using Tripwire

Tripwire is a file integrity assessment tool, a form of host-based intrusion detection that complements rather than replaces other security controls. Tripwire scans the file system and builds a database containing a compact snapshot (signatures and attributes) of selected files with the system in a known-good state. Once this baseline database exists, you can run an integrity check at any time to detect and report files that have been added, removed, or changed since the baseline was taken.

This chapter discusses the following:

  Installing Tripwire

  Configuring Tripwire

Installing Tripwire

This section tells you how to install Tripwire and provides an example.

Tripwire Installation Procedure

To install Tripwire, do the following:

  1. Log in as root or use the su(1) command to switch to root.

  2. Change to the tripwire directory:

    # cd /usr/sgi/ise/tripwire

  3. Run the install.sh script:

    # ./install.sh

  4. Press Enter to view the license agreement. After reading it, enter accept to accept it.

  5. Enter site and local keyfile passphrases (passwords) as prompted. The site key signs the configuration and policy files; the local key signs the database and reports. Choose two different, strong passphrases and record them somewhere safe: Tripwire has no way to recover a lost passphrase, and without it you must generate new keys and re-sign every file that was signed with the old ones.

Tripwire Installation Example

The following shows an example of the Tripwire installation process. The license agreement text has not been fully reproduced. For your own security, use your own passphrases rather than those shown in this example.

# cd /usr/sgi/ise/tripwire
# ./install.sh
Installer program for:
Tripwire(R) 2.2.1 for Unix

Copyright (C) 1998-2000 Tripwire (R) Security Systems, Inc. Tripwire (R)
is a registered trademark of the Purdue Research Foundation and is
licensed exclusively to Tripwire (R) Security Systems, Inc.


LICENSE AGREEMENT for Tripwire(R) 2.2.1 for Unix

Please read the following license agreement. You must accept the
agreement to continue installing Tripwire.

Press ENTER to view the License Agreement. <Enter_key>

                   END USER SOFTWARE LICENSE AGREEMENT

This Tripwire Security Systems, Inc. ("Tripwire") End-User License
...
[Text deleted from the example]
...

Please type "accept" to indicate your acceptance of this license agreement: accept
Using configuration file install.cfg

Checking for programs specified in install configuration file....

/usr/lib/sendmail exists. Continuing installation.

/bin/vi exists. Continuing installation.

This program will copy Tripwire files to the following directories:

       TWROOT: /usr/TSS
        TWBIN: /usr/TSS/bin
        TWMAN: /usr/TSS/man
     TWPOLICY: /usr/TSS/policy
     TWREPORT: /usr/TSS/report
         TWDB: /usr/TSS/db
 TWSITEKEYDIR: /usr/TSS/key
TWLOCALKEYDIR: /usr/TSS/key

CLOBBER is false.


----------------------------------------------
Creating directories...
/usr/TSS: created
/usr/TSS/bin: created
/usr/TSS/policy: created
/usr/TSS/report: created
/usr/TSS/db: created
/usr/TSS/key: created
/usr/TSS/key: already exists
/usr/TSS/man: created

----------------------------------------------
Copying files...
/usr/TSS/bin/siggen: copied
/usr/TSS/bin/twprint: copied
/usr/TSS/bin/twadmin: copied
/usr/TSS/bin/tripwire: copied
/usr/TSS/policy/policyguide.txt: copied
/usr/TSS/policy/twpol.txt: copied
/usr/TSS/man/man4/twconfig.4: copied
/usr/TSS/man/man4/twpolicy.4: copied
/usr/TSS/man/man5/twfiles.5: copied
/usr/TSS/man/man8/siggen.8: copied
/usr/TSS/man/man8/tripwire.8: copied
/usr/TSS/man/man8/twadmin.8: copied
/usr/TSS/man/man8/twintro.8: copied
/usr/TSS/man/man8/twprint.8: copied
/usr/TSS/README: copied
/usr/TSS/Release_Notes: copied
/usr/TSS/License.txt: copied

----------------------------------------------
The Tripwire site and local passphrases are used to
sign a variety of files, such as the configuration,
policy, and database files.

Passphrases should be at least 8 characters in length
and contain both letters and numbers.

See the Tripwire manual for more information.

----------------------------------------------
Creating key files...

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the site keyfile passphrase: wgEci99!
Verify the site keyfile passphrase:wgEci99!
Generating key (this may take several minutes)...Key generation complete.

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the local keyfile passphrase: gtS!i-00
Verify the local keyfile passphrase:gtS!i-00
Generating key (this may take several minutes)...Key generation complete.

----------------------------------------------
Generating Tripwire configuration file...

----------------------------------------------
Creating signed configuration file...
Please enter your site passphrase: wgEci99!
Wrote configuration file: /usr/TSS/bin/tw.cfg

A clear-text version of the Tripwire configuration file
/usr/TSS/bin/twcfg.txt
has been preserved for your inspection. It is recommended
that you delete this file manually after you have examined it.


----------------------------------------------
Customizing default policy file...

----------------------------------------------
Creating signed policy file...
Please enter your site passphrase: wgEci99!
Wrote policy file: /usr/TSS/policy/tw.pol

A clear-text version of the Tripwire policy file
/usr/TSS/policy/twpol.txt
has been preserved for your inspection. This implements
a minimal policy, intended only to test essential
Tripwire functionality. You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.


----------------------------------------------
The installation succeeded.

Please refer to /usr/TSS/Release_Notes
for release information and to the printed user documentation
for further instructions on using Tripwire 2.2.1 for Unix.
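A post-installation check, added here as an example (it is not part of the Tripwire distribution or this manual): it verifies that the signed files and keys in the directory layout printed by the installer above exist, that the clear-text twcfg.txt and twpol.txt the installer warned about have been removed, and that the key directory is not readable by other users. It assumes the /usr/TSS layout shown above and the Tripwire 2.x key file names site.key and <hostname>-local.key.

```shell
#!/bin/sh
# Post-install check for the Tripwire tree created by install.sh.
# Added example, not part of the Tripwire 2.2.1 distribution or this manual.
# Assumes the layout printed by the installer (/usr/TSS/bin, /usr/TSS/policy,
# /usr/TSS/key) and the Tripwire 2.x key file names site.key and
# <hostname>-local.key. Run it after you have reviewed twcfg.txt, signed your
# edited policy with twadmin, and built the baseline database.

# tw_check_tree TWROOT HOSTNAME
# Prints one line per finding; the exit status is the number of findings
# (0 means the tree looks as it should after a completed installation).
tw_check_tree() {
    twroot=$1
    host=$2
    problems=0

    # 1. Signed files. tw.cfg and tw.pol are what tripwire(8) actually reads;
    #    both are signed with the site key. The local key signs the database
    #    and reports, so it must exist before the baseline can be built.
    for f in "$twroot/bin/tw.cfg" "$twroot/policy/tw.pol" \
             "$twroot/key/site.key" "$twroot/key/$host-local.key"; do
        if [ ! -f "$f" ]; then
            echo "MISSING   $f"
            problems=$((problems + 1))
        fi
    done

    # 2. Clear-text copies left behind by the installer. twcfg.txt merely
    #    duplicates tw.cfg, but twpol.txt tells an intruder exactly which
    #    paths are watched (and which are not). Remove both once they have
    #    been reviewed and signed.
    for f in "$twroot/bin/twcfg.txt" "$twroot/policy/twpol.txt"; do
        if [ -f "$f" ]; then
            echo "CLEARTEXT $f (remove after review)"
            problems=$((problems + 1))
        fi
    done

    # 3. Key directory permissions. The key files are passphrase-protected,
    #    but a readable copy is an offline guessing target and a writable one
    #    lets an attacker substitute keys of his own. Require drwx------.
    #    ls -ld is used rather than stat(1) for portability across Unix variants.
    if [ -d "$twroot/key" ]; then
        set -- $(ls -ld "$twroot/key")
        case $1 in
            d???------*) ;;
            *) echo "PERMS     $twroot/key is $1, expected drwx------"
               problems=$((problems + 1)) ;;
        esac
    fi

    return $problems
}

# Stand-alone use on the installed host:  TWROOT=/usr/TSS sh tw_check.sh
if [ -n "${TWROOT:-}" ]; then
    if tw_check_tree "$TWROOT" "$(hostname)"; then
        echo "OK: $TWROOT"
    fi
fi
```

The check only reports; it never deletes anything, because twpol.txt is still needed until the edited policy has been signed into tw.pol. Run it once the baseline database has been built, and again from cron so that a reappearing clear-text policy or a loosened key directory is noticed.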

Configuring Tripwire

Configuring Tripwire depends on parameters specific to your site: which files and directories to watch and how strictly, who receives reports, and where the signed policy, database, and keys are kept. Build the baseline database while the system is in a known-good state, ideally before it is placed on the network, because an integrity check can only report differences from that baseline. Please consult the provided Tripwire User's Guide. A quick reference card is also provided. See:

/usr/sgi/ise/tripwire/tripwire-2.2.1.pdf
/usr/sgi/ise/tripwire/tripwire-quick-reference-2.2.1.pdf
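The installer leaves a minimal twpol.txt and tells you to edit it and sign it with twadmin. The following is an added example of that step, not text from this manual or the Tripwire distribution: it writes a starting policy covering Tripwire's own files, the IRIX kernel and system binaries, and a few authentication files, then signs it with the site key and builds the baseline database. The policy syntax and the twadmin/tripwire options follow the Tripwire 2.x policyguide.txt and manual pages installed under /usr/TSS; check them against your copy. The list of paths is an assumption about a typical IRIX host and must be adapted before signing.

```shell
#!/bin/sh
# Write, sign and baseline a site policy for Tripwire 2.x.
# Added example, not text from this manual or the Tripwire distribution.
# Policy syntax and the twadmin/tripwire options follow the Tripwire 2.x
# policyguide.txt and manual pages installed under /usr/TSS; the set of
# paths below is an assumption about a typical IRIX host, not a vendor
# recommendation. Adjust it before signing.

TWROOT=${TWROOT:-/usr/TSS}

# tw_write_policy TWROOT
# Writes a clear-text policy to stdout. $(ReadOnly) flags any change at all;
# $(Dynamic) ignores content and size changes (for files that are rewritten);
# $(Growing) lets a log grow but flags truncation or replacement.
tw_write_policy() {
    sed "s|@TWROOT@|$1|g" <<'EOF'
@@section GLOBAL
TWROOT=@TWROOT@;
TWBIN=$(TWROOT)/bin;
TWPOL=$(TWROOT)/policy;
TWDB=$(TWROOT)/db;
TWKEY=$(TWROOT)/key;

@@section FS
# Tripwire's own files first: if these change, no other result can be trusted.
(
  rulename = "Tripwire binaries, policy and keys",
  severity = 100
)
{
  $(TWBIN)/tripwire -> $(ReadOnly);
  $(TWBIN)/twadmin  -> $(ReadOnly);
  $(TWBIN)/twprint  -> $(ReadOnly);
  $(TWBIN)/siggen   -> $(ReadOnly);
  $(TWBIN)/tw.cfg   -> $(ReadOnly);
  $(TWPOL)/tw.pol   -> $(ReadOnly);
  $(TWKEY)          -> $(ReadOnly);
  $(TWDB)           -> $(Dynamic);
}

(
  rulename = "Kernel, system binaries and libraries",
  severity = 100
)
{
  /unix     -> $(ReadOnly);
  /sbin     -> $(ReadOnly);
  /usr/bin  -> $(ReadOnly);
  /usr/sbin -> $(ReadOnly);
  /usr/lib  -> $(ReadOnly);
  /lib      -> $(ReadOnly);
}

(
  rulename = "Authentication and service configuration",
  severity = 100
)
{
  /etc/passwd      -> $(ReadOnly);
  /etc/shadow      -> $(ReadOnly);
  /etc/group       -> $(ReadOnly);
  /etc/inetd.conf  -> $(ReadOnly);
  /etc/hosts.equiv -> $(ReadOnly);
}

(
  rulename = "System log",
  severity = 66
)
{
  /var/adm/SYSLOG -> $(Growing);
}
EOF
}

# tw_sign_and_init TWROOT POLICY_TXT
# Signs POLICY_TXT into tw.pol (prompts for the site passphrase), builds the
# baseline database (prompts for the local passphrase), then removes the
# clear-text policy, which is only safe to discard once it has been signed.
tw_sign_and_init() {
    twroot=$1
    pol=$2
    "$twroot/bin/twadmin" --create-polfile \
        --cfgfile "$twroot/bin/tw.cfg" \
        --site-keyfile "$twroot/key/site.key" \
        --polfile "$twroot/policy/tw.pol" "$pol" || return 1
    "$twroot/bin/tripwire" --init --cfgfile "$twroot/bin/tw.cfg" || return 1
    rm -f "$pol"
}

# Stand-alone use on a host where Tripwire is installed: write the policy,
# edit it, then run tw_sign_and_init. Nothing runs here without twadmin present.
if [ -x "$TWROOT/bin/twadmin" ]; then
    tw_write_policy "$TWROOT" > "$TWROOT/policy/twpol.txt"
    echo "Edit $TWROOT/policy/twpol.txt, then run:"
    echo "  tw_sign_and_init $TWROOT $TWROOT/policy/twpol.txt"
fi
```

Ordering matters here: the Tripwire binaries, signed files and keys are watched with the highest severity because a tampered tripwire(8) or key file invalidates every later check, and the clear-text policy is deleted only after tw.pol has been written, since an intruder who can read twpol.txt knows which paths are not watched.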