LinuxQuestions.org
01-07-2006, 05:11 PM   #1
little_penguin
Member
 
Anyone know about tripwire?

Anyone know if tripwire is any good? I've heard it can protect a system well. Does it have a graphical frontend?

Thanks
 
01-07-2006, 05:49 PM   #2
acid_kewpie
Moderator
 
What is it with you and GUIs???
 
01-07-2006, 06:19 PM   #3
gilead
Senior Member
 
I use tripwire-2.4.0.1 from SourceForge - it's very good but you have to be willing to work with it. There's no GUI, but the steps to get it running from sources are...

Starting in the extracted source directory:

Code:
./configure
make
# NOTE: You may have to use `ln -s contrib install` before the make install will work
make install

The `make install` step will generate your keys (you will be prompted for the passphrase) and the config/policy files. These files are in /usr/local/etc with a default install like the one above. Change to /usr/local/etc. Check that twcfg.txt & twpol.txt are correct for your setup. If not, you will have to re-generate the binaries from these with:

Code:
twadmin --create-cfgfile --verbose --site-keyfile site.key twcfg.txt
twadmin --create-polfile --verbose --cfgfile tw.cfg --site-keyfile site.key twpol.txt
tripwire --init --cfgfile tw.cfg

There may be errors because of missing files/directories. Modify twpol.txt and re-run the above steps. The tripwire database will be created in /usr/local/lib/tripwire. Next, create the file `/etc/cron.daily/tripwire-check` with the following contents:

Code:
#!/bin/sh
# Daily tripwire integrity check, run from cron.
HOST_NAME=$(uname -n)
if [ ! -e "/usr/local/lib/tripwire/${HOST_NAME}.twd" ] ; then
        # No baseline database yet, so there is nothing to compare against.
        echo "****    Error: Tripwire database for ${HOST_NAME} not found.    ****"
        echo "**** Run 'tripwire --init'. ****"
else
        # Only run the check if the binary config file exists.
        test -f /usr/local/etc/tw.cfg && /usr/local/sbin/tripwire --check --email-report-level 1 --email-report
fi

You will have a report generated each day based on your policy settings. Run:

Code:
/usr/local/sbin/tripwire --update --polfile /usr/local/etc/tw.pol --twrfile /usr/local/lib/tripwire/report/<reportname>

Audit the changes and apply or check them out as necessary.

One last thing, make sure only root can read the tripwire files and keep backups of everything - especially the plain text config and policy files.

Hope that helps - it's not exact so be prepared to improvise...
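
Added example (not part of the post above and not shipped with tripwire): a small shell check for the advice that only root should be able to read the tripwire files. The function name `audit_tripwire_perms` and the `TW_OWNER` variable are hypothetical; the paths in the usage comment are the default install locations named in the post.

```shell
#!/bin/sh
# Added example: report tripwire files that are readable, writable or
# executable by group/other, or that are not owned by the expected account.
# TW_OWNER (hypothetical variable) names the expected owner; default is root.

# Prints one line per problem found in the given files/directories.
# Returns 0 if everything is owner-only, 1 if any problem was found.
audit_tripwire_perms() {
    owner=${TW_OWNER:-root}
    rc=0
    for target in "$@"; do
        if [ ! -e "$target" ]; then
            echo "MISSING     $target"
            rc=1
            continue
        fi
        # Any group/other permission bit set (symlinks skipped, their mode is unused).
        loose=$(find "$target" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                    -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        # Anything not owned by the expected account.
        foreign=$(find "$target" ! -user "$owner" -print)
        if [ -n "$loose" ]; then
            echo "$loose" | sed 's/^/LOOSE-MODE  /'
            rc=1
        fi
        if [ -n "$foreign" ]; then
            echo "$foreign" | sed 's/^/WRONG-OWNER /'
            rc=1
        fi
    done
    return $rc
}

# Runs only when paths are given on the command line, for example:
#   sh tw-perms.sh /usr/local/etc/tw.cfg /usr/local/etc/tw.pol \
#       /usr/local/etc/twcfg.txt /usr/local/etc/twpol.txt \
#       /usr/local/etc/site.key /usr/local/lib/tripwire
if [ "$#" -gt 0 ]; then
    audit_tripwire_perms "$@"
fi
```

A non-zero exit status means at least one file needs its owner or mode tightened before the next `tripwire --check` run is trusted.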
 
  

