Table of Contents
Advertisement
Section 11.2:Installation Instructions
1.
Install Tripwire and customize the policy file — If not already done, install the tripwire RPM
(see Section 11.2.1, RPM Installation Instructions). Then, customize the sample configuration
(/etc/tripwire/twcfg.txt) and policy (/etc/tripwire/twpol.txt) files and run
the configuration script (/etc/tripwire/twinstall.sh). For more information, see Sec-
tion 11.2.2, Post-Installation Instructions.
2.
Initialize the Tripwire database — Build a database of critical system files to monitor based on
the contents of the new, signed Tripwire policy file (/etc/tripwire/tw.pol). For more
information, see Section 11.7, Initializing the Database.
3.
Run a Tripwire integrity check — Compare the newly-created Tripwire database with the actual
system files, looking for missing or altered files. For more information, see Section 11.8, Running
an Integrity Check.
4.
Examine the Tripwire report file — View the Tripwire report file using twprint to note integrity
violations. For more information, see Section 11.9, Printing Reports.
5.
Take appropriate security measures — If monitored files have been altered inappropriately, you
can either replace the originals from backups or reinstall the program.
6.
Update the Tripwire database file — If the integrity violations are intentional and valid, such
as if you intentionally edited a file or replaced a particular program, you should tell Tripwire's
database file to not report them as violations in future reports. For more information, see Section
11.10, Updating the Database after an Integrity Check.
7.
Update the Tripwire policy file — If you need to change the list of files Tripwire monitors or how
it treats integrity violations, you should update your sample policy file (/etc/tripwire/tw-
pol.txt), regenerate a signed copy (/etc/tripwire/tw.pol), and update your Tripwire
database. For more information, see Section 11.11, Updating the Policy File.
Refer to the appropriate sections within this chapter for detailed instructions on these steps.
11.2 Installation Instructions
Once installed, Tripwire must also be correctly initialized to be able to keep a close watch on your
files. These sections detail how to install the program, if it is not already present on your system, and
then how to initialize the Tripwire database.
11.2.1 RPM Installation Instructions
The easiest way to install Tripwire is to install the tripwire RPM during the Red Hat Linux 7.2
installation process. However, if you've already installed Red Hat Linux 7.2, you can use RPM,
Gnome-RPM, or Kpackage to install the Tripwire RPM from the Red Hat Linux 7.2 CD-ROMs.
The following steps outline this process using RPM:
169
Advertisement
Table of Contents
