Installing Tripwire


    First, download the required files.
    Tripwire.org - Downloads
    Download them from there.

    ・Tripwire Open Source RPM 3.0 (Red Hat 5.x-6.2.x)
    rpm3 - tripwire-2.3-47.i386.tar.gz (3.2 Mb)
    ・Tripwire Open Source RPM 4.0 (Red Hat 7.x)
    rpm4 - tripwire-2.3-47.i386.tar.gz (3.2 Mb)
    ・Tripwire Open Source tarball:
    tripwire-2.3-47.bin.tar.gz (3.1 Mb)
    Of these three packages, this guide installs from the rpm.


  1. First, install the rpm package.
    # tar -xvzf tripwire-2.3-47.i386.tar.gz
    # rpm -iv tripwire-2.3-47.i386.rpm
    Preparing packages for installation...
    tripwire-2.3-47
    
    ----------------------------------------------
    Generating Tripwire configuration file...
    
    ----------------------------------------------
    Customizing default policy file...
    
    A clear-text version of the Tripwire policy file
    /etc/tripwire/twpol.txt
    has been created for your inspection.  This implements
    a minimal policy, intended only to test essential
    Tripwire functionality.  You should edit the policy file
    to describe your system, and then use twadmin to generate
    a signed copy of the Tripwire policy.
    
    IMPORTANT:  To complete the Tripwire 2.3 installation,
    you must run the configuration script: 
    /etc/tripwire/twinstall.sh
    
    This script walks you through the processes of 
    setting passphrases and encrypting the policy
    and configuration files.  If you wish to change the
    contents of your policy file, /etc/tripwire/twpol.txt
    you may want to do so before running this script.
    
    ----------------------------------------------
    The installation succeeded.
    
    Please refer to /usr/doc/tripwire/README
    for release information and to the printed user documentation for
    further instructions on using Open Source Tripwire 2.3 for Linux.
    


  2. Run the install script.
    Along the way it asks for the passphrases used to generate the site key and the local key; enter them.
    # cd /etc/tripwire/
    # ls
    twcfg.txt  twinstall.sh  twinstall.sh.bak  twpol.txt  twpol.txt.bak
    # more twcfg.txt 
    ROOT          =/usr/sbin
    POLFILE       =/etc/tripwire/tw.pol
    DBFILE        =/var/lib/tripwire/$(HOSTNAME).twd
    REPORTFILE    =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
    SITEKEYFILE   =/etc/tripwire/site.key
    LOCALKEYFILE  =/etc/tripwire/itnavi-local.key
    EDITOR        =/bin/vi
    LATEPROMPTING =false
    LOOSEDIRECTORYCHECKING =false
    MAILNOVIOLATIONS =true
    EMAILREPORTLEVEL =3
    REPORTLEVEL   =3
    MAILMETHOD    =SENDMAIL
    SYSLOGREPORTING =false
    MAILPROGRAM   =/usr/lib/sendmail -oi -t
    
    # /etc/tripwire/twinstall.sh
    
    ----------------------------------------------
    The Tripwire site and local passphrases are used to
    sign a variety of files, such as the configuration,
    policy, and database files.
    
    Passphrases should be at least 8 characters in length
    and contain both letters and numbers.
    
    See the Tripwire manual for more information.
    
    ----------------------------------------------
    Creating key files...
    
    (When selecting a passphrase, keep in mind that good passphrases typically
    have upper and lower case letters, digits and punctuation marks, and are
    at least 8 characters in length.)
    
    Enter the site keyfile passphrase:
    Verify the site keyfile passphrase:
    Generating key (this may take several minutes)...Key generation complete.
    
    (When selecting a passphrase, keep in mind that good passphrases typically
    have upper and lower case letters, digits and punctuation marks, and are
    at least 8 characters in length.)
    
    Enter the local keyfile passphrase:
    Verify the local keyfile passphrase:
    Generating key (this may take several minutes)...Key generation complete.
    
    ----------------------------------------------
    Signing configuration file...
    Please enter your site passphrase: 
    Wrote configuration file: /etc/tripwire/tw.cfg
    
    A clear-text version of the Tripwire configuration file
    /etc/tripwire/twcfg.txt
    has been preserved for your inspection.  It is recommended
    that you delete this file manually after you have examined it.
    
    
    ----------------------------------------------
    Signing policy file...
    Please enter your site passphrase: 
    Wrote policy file: /etc/tripwire/tw.pol
    
    A clear-text version of the Tripwire policy file
    /etc/tripwire/twpol.txt
    has been preserved for your inspection.  This implements
    a minimal policy, intended only to test essential
    Tripwire functionality.  You should edit the policy file
    to describe your system, and then use twadmin to generate
    a new signed copy of the Tripwire policy.
    
    
    twpol.txt is written for Red Hat 7.0, so modify it as needed to match your environment.

  3. Create the baseline database.
    (equivalent to # tripwire --init)
    # /usr/sbin/tripwire -m i
    Please enter your local passphrase:
    Parsing policy file: /etc/tripwire/tw.pol
    Generating the database...
    *** Processing Unix File System ***
    ### Warning: File system error.
    ### Filename: /usr/sbin/fixrmtab
    ### No such file or directory
    ### Continuing...
    
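    If the policy lists files that do not exist, error messages like the one above are printed, so edit twpol.txt again.
    # vi /etc/tripwire/twpol.txt
    After editing twpol.txt:

  4. Apply the changes to the policy with the twadmin command.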
    # /usr/sbin/twadmin -m P -c /etc/tripwire/tw.cfg /etc/tripwire/twpol.txt
    
    # /usr/sbin/tripwire -m i
    Please enter your local passphrase:
    Parsing policy file: /etc/tripwire/tw.pol
    Generating the database...
    *** Processing Unix File System ***
    Wrote database file: /var/lib/tripwire/hoge.twd
    The database was successfully generated.
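
Steps 3 and 4 can be partly automated. The following is an added example, not part of the original page: it pulls the "No such file or directory" paths out of the init output and comments out the matching rules in a copy of twpol.txt. The function names, the sample log and the sample policy lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data is constructed.

# Read `tripwire -m i` output on stdin; print each path that was reported
# with "No such file or directory" on the line right after its Filename line.
missing_paths() {
    awk '
        /### Filename: / { sub(/^.*### Filename: /, ""); name = $0; next }
        /### No such file or directory/ { if (name != "") print name }
        { name = "" }
    '
}

# Print policy file $1 with the rule for every path listed in file $2
# commented out. Assumes the usual "object -> mask ;" rule layout and
# matches only the exact object name left of "->".
comment_out_rules() {
    awk '
        FILENAME == ARGV[1] { if ($0 != "") missing[$0] = 1; next }
        {
            obj = $0
            sub(/^[ \t]+/, "", obj)
            sub(/[ \t]*->.*$/, "", obj)
            if (obj in missing) print "#" $0; else print
        }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/init.log" <<'EOF'
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
### Warning: File system error.
### Filename: /usr/sbin/fixrmtab
### No such file or directory
### Continuing...
EOF
    cat > "$dir/twpol.txt" <<'EOF'
  /usr/sbin/crond                  -> $(SEC_CRIT) ;
  /usr/sbin/fixrmtab               -> $(SEC_CRIT) ;
EOF
    missing_paths < "$dir/init.log" > "$dir/missing.txt"
    comment_out_rules "$dir/twpol.txt" "$dir/missing.txt"
    rm -rf "$dir"
}
demo
```

Review the rewritten policy before replacing twpol.txt with it, then sign it with twadmin and rebuild the database as in step 4.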
    



Build environment
Red Hat Linux 6.2J




Copyright(c) 1999-2017 ITNAVI.com