Securities Software (System Integrity). Linux Tripwire 2.2.1
Overview
A typical Red Hat Linux server installation contains approximately 30,400 files. Administrators cannot check the integrity of all of these files by hand, least of all at their busiest times, and if a cracker has gained access to your server, he or she can install or modify files without your knowledge quite easily. Programs such as Tripwire have been created to detect exactly this kind of tampering.
According to the official Tripwire site:
Tripwire works at the most fundamental layer, protecting the servers and workstations that make up the corporate network. Tripwire works by first scanning a computer and creating a database of system files, a compact digital “snapshot” of the system in a known secure state. The user can configure Tripwire very precisely, specifying individual files and directories on each machine to monitor, or creating a standard template that can be used on all machines in an enterprise.
Once this baseline database is created, a system administrator can use Tripwire to check the integrity of a system at any time. By scanning the current system and comparing that information with the data stored in the database, Tripwire detects and reports any additions, deletions, or changes to the system outside of the specified boundaries. If these changes are valid, the administrator can update the baseline database with the new information. If malicious changes are found, the system administrator will instantly know which parts of which components of the network have been affected.
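The baseline-and-compare workflow described in the quotation above, as an added illustration in Python. This is not Tripwire's code and does not reproduce its database format, policy language or signing keys; the file tree, file names and contents used in the demo are constructed for the example.

```python
# Added example: a minimal file-integrity baseline/check in the style of the
# Tripwire workflow described above. It is not Tripwire's code; Tripwire's own
# database format, policy language and key handling are not reproduced here.
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Record the attributes whose change should be reported for one entry.

    Regular files: content hash, size, mode and owner. Directories: mode and
    owner only (their size varies by filesystem, so it is not a useful signal).
    Symlinks: mode, owner and target.
    """
    st = path.lstat()
    entry = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        entry["size"] = st.st_size
        entry["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    return entry


def snapshot(root: Path) -> dict:
    """Walk root and fingerprint every entry beneath it, keyed by relative path."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            db[p.relative_to(root).as_posix()] = fingerprint(p)
    return db


def compare(baseline: dict, current: dict) -> dict:
    """Report additions, deletions and changes relative to the baseline."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
    }


def save_db(db: dict, path: Path) -> None:
    """Persist the baseline. In real use this file must live where an intruder
    cannot rewrite it; Tripwire signs its database for exactly this reason."""
    path.write_text(json.dumps(db, indent=1, sort_keys=True))


def load_db(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate one modified
    file, one new file and one deleted file, and return the check report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fs"
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "motd").write_text("welcome\n")

        db_file = Path(tmp) / "baseline.json"
        save_db(snapshot(root), db_file)  # the "known secure state" snapshot

        # Constructed changes made after the baseline was taken.
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\nexec /tmp/other \"$@\"\n")  # modified
        (root / "bin" / "unexpected").write_bytes(b"\x7fELF")                       # added
        (root / "etc" / "motd").unlink()                                            # removed

        return compare(load_db(db_file), snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running the block prints the three categories the quotation names: the modified file appears under `changed`, the new file under `added` and the deleted file under `removed`. Accepting valid changes, the "update the baseline" step in the text, is simply taking a fresh snapshot and saving it over the old one once an administrator has reviewed the report.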
This version of Tripwire has significant product enhancements over previous versions of Tripwire. Some of the enhancements include:
• Multiple levels of reporting allow you to choose different levels of report detail.
• Syslog option sends information about database initialization, database update, policy update and integrity check to the syslog.
• Database performance has been optimized to increase the efficiency of integrity checks.
• Individual email recipients can be sent certain sections of a report.
• SMTP email reporting support.
• Email test mode enables you to verify that the email settings are correct.
• Ability to create multiple sections within a policy file to be executed separately.
These installation instructions assume:
• Commands are Unix-compatible.
• The source path is “/var/tmp” (other paths are possible).
• Installations were tested on Red Hat Linux 6.1 and 6.2.
• All steps in the installation will happen in the super-user account “root”.
• Tripwire version number is 2.2.1.
Packages
Tripwire Homepage: http://www.tripwiresecurity.com/
You must be sure to download: Tripwire_221_for_Linux_x86_tar.gz
Compilation Tripwire-2.2.1
Decompress the tarball (tar.gz).
[root@deep /]# cp Tripwire_version_for_Linux_x86_tar.gz /var/tmp
[root@deep /]# cd /var/tmp
[root@deep tmp]# tar xzpf Tripwire_version_for_Linux_x86_tar.gz
NOTE: After the decompression of Tripwire you will see the following files in your “/var/tmp” directory related to the Tripwire software: License.txt, README, Release_Notes, install.cfg, install.sh, the package directory and the Tripwire tar.gz file Tripwire_version_for_Linux_x86_tar.gz.
Configuration of the “/var/tmp/install.cfg” file
Recall that Tripwire version 2.2.1 is not open source, so you cannot compile and install it from source like the other archives; instead you must modify Tripwire's “install.cfg” file (which the supplied install.sh script reads to install the Tripwire software for you) to specify the installation paths for your system. We must modify this file so that it complies with Red Hat's file system structure and installs the Tripwire binaries under a directory in our PATH environment variable.
Step 1