Linux Tripwire ASR 1.3.1 | All about OS


Overview
Tripwire ASR 1.3.1 is the “Academic Source Release (ASR)” of Tripwire software. Personally, I prefer the 1.3.1 version of the software rather than the 2.2.1 version because it can compile and be installed without any compatibility problems on all versions of Linux systems.
As explained in the Tripwire ASR goals:
With the advent of increasingly sophisticated and subtle account break-ins on Unix systems, the need for tools to aid in the detection of unauthorized modification of files becomes clear. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Tripwire is a file and directory integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against system files on a regular basis, any changes in critical system files will be spotted - and appropriate damage control measures can be taken immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain free of unauthorized modifications if Tripwire reports no changes.
These installation instructions assume
Commands are Unix-compatible.
The source path is “/var/tmp” (other paths are possible).
Installations were tested on Red Hat Linux 6.1 and 6.2.
All steps in the installation will happen in super-user account “root”.
Tripwire version number is 1.3.1-1
Packages
Tripwire Homepage: http://www.tripwiresecurity.com/
You must be sure to download: Tripwire-1.3.1-1.tar.gz
Tarballs
It is a good idea to make a list of files on the system before you install Tripwire, and one afterwards, and then compare them using ‘diff’ to find out which files were placed where. Simply run ‘find /* > Tripwire1’ before and ‘find /* > Tripwire2’ after you install the tarball, and use ‘diff Tripwire1 Tripwire2 > Tripwire-Installed’ to get a list of what changed.
Compilation Tripwire-1.3.1-1
Decompress the tarball (tar.gz).
[root@deep /]# cp Tripwire-version.tar.gz /var/tmp
[root@deep /]# cd /var/tmp
[root@deep tmp]# tar xzpf Tripwire-version.tar.gz
Compile and Optimize
Move into the new Tripwire directory and type the following on your terminal:
Edit the utils.c file (vi +462 src/utils.c) and change the line:
else if (iscntrl(*pcin)) {
To read:
else if (!(*pcin & 0x80) && iscntrl(*pcin)) {
Edit the config.parse.c file (vi +356 src/config.parse.c) and change the line:
rewind(fpout);
To read:
else {
rewind(fpin);
Edit the config.h file (vi +106 include/config.h) and change the lines:
#define CONFIG_PATH     "/usr/local/bin/tw"
#define DATABASE_PATH   "/var/tripwire"
To read:
#define CONFIG_PATH     "/etc"
#define DATABASE_PATH   "/var/spool/tripwire"
Edit the config.h file (vi +165 include/config.h) and change the line:
#define TEMPFILE_TEMPLATE "/tmp/twzXXXXXX"
To read:
#define TEMPFILE_TEMPLATE "/var/tmp/.twzXXXXXX"
Edit the config.pre.y file (vi +66 src/config.pre.y) and change the line:
#ifdef TW_LINUX
To read:
