Chapter 11. Tripwire
Warning
For security purposes, you should either delete or store in a secure location any copies of the plain
text /etc/tripwire/twpol.txt file after running the installation script or regenerating a signed
configuration file. Alternatively, you can change the permissions so that it is not world readable.
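The permission change suggested in the warning above, as an added shell example that is not part of the original guide: it lists plain-text files in a Tripwire directory that are still world-readable and restricts them to their owner. The function names and the `*.txt` pattern are assumptions made for this example; the directory (for instance /etc/tripwire) is passed as the argument.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Assumption: plain-text Tripwire copies such as twpol.txt end in ".txt"
# and sit directly in the directory given as the first argument.

# Print every *.txt file directly under "$1" whose mode grants read
# access to "other" (world-readable), one path per line.
list_exposed() {
    find "$1" -maxdepth 1 -type f -name '*.txt' -perm -004 -print
}

# Restrict each exposed file under "$1" to owner read/write (0600).
# Prints the paths it changed; returns 0 only if nothing is left exposed.
lock_down() {
    list_exposed "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened: %s\n' "$f"
    done
    [ -z "$(list_exposed "$1")" ]
}

# Typical use, as root, after twinstall.sh has finished:
#   list_exposed /etc/tripwire     # review what is readable by everyone
#   lock_down /etc/tripwire        # then tighten the permissions
```

Signed files such as the policy and configuration files produced by twinstall.sh are not matched by the `*.txt` pattern and are left untouched.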
11.3.3. Run the twinstall.sh Script
As the root user, type /etc/tripwire/twinstall.sh at the shell prompt to run the configuration
script. The twinstall.sh script will ask you for site and local passwords. These passwords are used
to generate cryptographic keys for protecting Tripwire files. The script then creates and signs these
files.
When selecting the site and local passwords, you should consider the following guidelines:
Use at least eight alphanumeric and symbolic characters, but for each password do not exceed 1023.
Do not use quotes in a password.
Make the Tripwire passwords completely different from the root or any other password for the system.
Use unique passwords for both the site key and the local key.
The site key password protects the Tripwire configuration and policy files. The local key password
protects the Tripwire database and report files.
Warning
There is no way to decrypt a signed file if you forget your password. If you forget the passwords, the
files are unusable and you will have to run the configuration script again.
By encrypting its configuration, policy, database, and report files, Tripwire protects them from being
viewed by anyone who does not know the site and local passwords. This means that, even if an intruder
obtains root access to your system, they will not be able to alter the Tripwire files to hide their tracks.
Once encrypted and signed, the configuration and policy files generated by running the twinstall.sh
script should not be renamed or moved.
11.4. Initialize the Tripwire Database
Initialize the Tripwire database file by issuing the /usr/sbin/tripwire --init command at the
command line.
When initializing its database, Tripwire builds a collection of file system objects based on the rules in
the policy file. This database serves as the baseline for integrity checks.
To initialize the Tripwire database, use the following command:
/usr/sbin/tripwire --init
This command can take several minutes to run.
Once you finish these steps successfully, Tripwire has the baseline snapshot of your file system
necessary to check for changes in critical files. After initializing the Tripwire database, you should run