
Author Topic: Install and configure Tripwire in CentOS server  (Read 4491 times)


jominj

  • Guest
Install and configure Tripwire in CentOS server
« on: April 15, 2014, 12:22:23 pm »
Tripwire is an open-source security and data integrity tool. We can configure Tripwire to send alerts and warnings when files and directories are modified, so we can monitor which files or directories are being changed. If the changes are valid and essential, we can accept them by updating the Tripwire database.

1. We can install Tripwire from the EPEL repository.
Code:
[root@server ~]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
[root@server ~]# rpm -ivh epel-release-6-8.noarch.rpm

2. Let's install Tripwire.
Code:
[root@server ~]# yum install tripwire -y

3. Now we can create the site and local keys and set up the pass phrases using the command:
Code:
[root@server ~]# tripwire-setup-keyfiles

We have to provide the site pass phrase and the local pass phrase when prompted for them.

4. In the next step we can initialize the Tripwire database.
Code:
[root@server ~]# tripwire --init

While executing this command we will get some errors like "file system error" or "No such file or directory". This is because we have not created the Tripwire policy file, so we can ignore these messages.

5. We can set up the Tripwire policy file. Open the Tripwire policy file /etc/tripwire/twpol.txt:
Code:
[root@server ~]# vim /etc/tripwire/twpol.txt

We can see entries like the following:
Code:
(
  rulename = "OS Boot Files and Mount Points",
)
{
  /boot                         -> $(ReadOnly) ;
  /cdrom                        -> $(Dynamic) ;
  /floppy                       -> $(Dynamic) ;
  /mnt                          -> $(Dynamic) ;
}

The policy file determines the files and directories that should be monitored for changes. We can also specify the file attributes that should be monitored or ignored.

6. Next we have to update the Tripwire policy file.
Code:
[root@server ~]# tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt

7. Now we are done with the setup. Let's run Tripwire for the first time.
Code:
[root@server ~]# tripwire --check --interactive

We will get a detailed report while executing this command.

8. Let's check the Tripwire report file. All Tripwire report files have the extension .twr and are located in the /var/lib/tripwire/report/ directory. These are not text files, so we have to convert them to readable text files.
Code:
[root@server ~]# twprint --print-report --twrfile /var/lib/tripwire/report/server.twr > /tmp/twrreport.txt

After this we can read the report file in a text editor.

9. To view the Tripwire configuration file we can use the command:
Code:
[root@server ~]# twadmin --print-cfgfile
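
For step 8, as an added example that is not part of the original post: a small script that picks the newest .twr file instead of a fixed name, converts it with the same twprint command into a private mktemp file rather than a predictable /tmp path, and reads the violation count. The function names are hypothetical, and the "Total violations found:" summary line is an assumption about the text report layout.

```shell
#!/bin/bash
# Added example (not from the original post): render the newest Tripwire report.
REPORT_DIR="${REPORT_DIR:-/var/lib/tripwire/report}"   # directory named in step 8

# Print the path of the most recently modified .twr file in a directory.
latest_twr() {
    local dir="$1" newest="" f
    for f in "$dir"/*.twr; do
        [ -e "$f" ] || continue              # glob matched nothing
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || return 1             # no reports at all
    printf '%s\n' "$newest"
}

# Extract N from the "Total violations found:  N" line of a text report.
# Assumption: the converted report contains that summary line.
violation_count() {
    awk -F: '/^[ \t]*Total violations found:/ {
                 gsub(/[^0-9]/, "", $2); print $2; found = 1; exit
             }
             END { if (!found) exit 1 }' "$1"
}

# Convert the newest report to text and print where it went and what it found.
render_latest() {
    local twr out
    twr="$(latest_twr "$REPORT_DIR")" || {
        echo "no .twr reports in $REPORT_DIR" >&2; return 2; }
    # mktemp creates an unpredictable, owner-only file; the report lists
    # every changed path on the host, so it should not be world-readable.
    out="$(mktemp /tmp/twreport.XXXXXX)" || return 2
    twprint --print-report --twrfile "$twr" > "$out" || return 2
    echo "report: $out violations: $(violation_count "$out")"
}

# Usage on the server, as root:  render_latest
```
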