Intrusion Detection Systems: Part II - Installing Tripwire
If you plan to modify the policy file, we recommend you do so before running the configuration script. If you modify the policy file after running the configuration script, you must re-run the configuration file before initializing the database file.
Using RPM s
1. Locate the Red Hat / RPMS directory on the Red Hat Linux 7.0 CD-ROM.
2. Locate the Tripwire binary RPM.
3. Type rpm -ivh
4. After installing the Tripwire binary RPM, follow the post-installation instructions outlined below.
Post-Installation Instructions
The Tripwire binary RPM installs the basic program files needed to run the software. However, this installation does not complete custom configurations that Tripwire 2.3 needs to perform correctly. After you unpack the RPM, you must:
1. Run the configuration script /etc/tripwire/twinstall.sh to sign these files. This script walks you through the processes of setting passphrases and signing the Tripwire policy and configuration files. Once encoded and signed, the configuration file should not be renamed or moved.
If you plan to modify the policy file, we recommend you do so before running the configuration script. If you modify the policy file after running the configuration script, you must re-run the configuration file before initializing the database file.
If you are low on the time factor, you could always make use of the steps (2-5) that we have mentioned in short below. Else, read on.
2. Initialize the Tripwire database file. (/usr/sbin/tripwire--init)
3. Run the first integrity check. (/usr/sbin/tripwire--check)
4. Edit the configuration file (twcfg.txt) with a text editor, if desired.
5. Edit the policy file (twpol.txt) with a text editor, if desired.
Modifying the POLICY file
Toughening up on the intruders depends on the harshness of the stand that you take. Thus for most systems the existing POLICY file (/etc/tripwire/ twpol.txt) will work fine for just out of the box installations. However, to enhance security measures on your part we would personally suggest that you go through the sample POLICY file. A sample POLICY file will be placed in the directory that you unpacked the binaries (i.e. if you were using *.tar.gz s ) else in /usr/doc/tripwire-* ( i.e. if you were using RPM.s). Read the sample policy file and the comments in the sample policy file to learn the policy language.
- « first
- ‹ previous
- of 5
- next ›
- last »