Tripwire installation and configuration for CENTOS 5.

Warning: There is one thing that has to be taken into consideration. Otherwise you can be disappointed with the result.

At last I passed all necessary steps for tripwire configuration on CENTOS 5. There were some differences compared with Ubuntu. Below is how I performed it, step by step:

Download Tripwire package. Unfortunately there is no version for CENTOS and I have to download the FEDORA version: wget http://download.

Install rpm: rpm -ivh tripwire-2.

Modify (first attempts) /etc/tripwire/twpol. I just added admin e-mail to each section as in the example below: was(rulename = . Example: I put /etc -> $(SEC.

Any successive Tripwire check would be meaningless otherwise. Therefore, run this command whenever it's necessary: tripwire --update-policy --twrfile a.

When launched in this way, Tripwire detects as violations any changes that happened after the specified integrity check. In such a case, an actual update of the policy, ignoring such violations, is possible only if the user explicitly tells the program to run in low security mode. The corresponding option is -Z low and is explained in detail in the Tripwire man page.

I still have to check what the differences are between initializing the database and updating it. At the present moment I prefer to init. When I tried to update, the next tripwire -m c reported differences as before.

To get the result of the nightly check by e-mail I have to modify /etc/cron. M

What I have at last: cat twpol.

# Global Variable Definitions
@@section GLOBAL
TWROOT=/usr/sbin;
TWBIN=/usr/sbin;
TWPOL=.

# Inode is left turned on for keys, which shouldn't
# ever change.
# NOTE: The first integrity check triggers this rule and each integrity check
# afterward triggers this rule until a database update is run, since the
# database file does not exist before that point.

Get the RPM, done from the /tmp directory. RPMS/tripwire-2. MD5 checksum to verify this package is secure). Install the Tripwire RPM. Configure your two tw files.
Tripwire is not included in the official RHEL repository, so add the EPEL repository to install the Tripwire intrusion detection system using yum for content integrity checking.
MAILMETHOD =SMTP. SMTPHOST =yourhost. This basically sets up delivery of mail reports for you, it works in. Create the Site Key for this box. Make a config file that will work with this specific key. Edit the Tripwire Policy file for any last changes, just a re-check of. Invoke the policy file to work on this instance of Tripwire. Initialize the Tripwire Database. If you see errors that mention files not found, comment them out of the. Testing it out at the command line.