Tripwire, a data integrity check tool in CentOS

Tripwire is an open-source integrity check tool. Tripwire generates a unique identifier (also known as & quot; Snapshot & quot;) for the file or directory status ;), and store it for future use. When the Tripwire program runs, it is compared with the snapshot. If no match is found, it reports that the system administrator file has been modified. Through understanding the above running mechanism, we can easily find that the installation time of the integrity check tool is very important, and it is best to use and connect to the delivery user.

Tripwire is an open-source integrity check tool. Tripwire generates a unique identifier (also known as "snapshot") for the file or directory status and stores it for future use. When the Tripwire program runs, it is compared with the snapshot. If no match is found, it reports that the system administrator file has been modified.

 

By understanding the above running mechanism, we can easily find that the installation time of the integrity check tool is very important, preferably during the initial installation of the Linux system before the delivery and connection to the network. Because the integrity check tool only retains the initial state (snapshot) of the system file to ensure the integrity of the system file; if the system takes its snapshot after a period of time, it is likely that it is no longer an image of the original system File (for example, it has been damaged), so the reliability of the integrity detection has been discounted.

 

Lab environment

Centos-5.8

 

Lab software

Gcc-c ++ make wget

Tripwire-2.4.2-src.tar.bz2

 

Software Installation

Yum install-y gcc-c ++ make wget

Tar jxvf tripwire-2.4.2-src.tar.bz2

Cd tripwire-2.4.2-src

./Configure -- prefix =/usr/local/tripwire

Make

Make install

Press ENTER to view the License Agreement. q to skip

License agreement. [do not accept] accept registration information

Continue with installation? [Y/n] y

Enter the site keyfile passphrase: Enter the password

Verify the site keyfile passphrase: secondary confirmation

Enter the local keyfile passphrase: Enter the same password as the first time

Verify the local keyfile passphrase:

Please enter your site passphrase:

In this way, tripwire is installed.

 

Configuration

Cd/usr/local/etc/

Ll

Total 44

-Rw-r ----- 1 root 931 Nov 26 localhost. localdomain-local.key

-Rw-r ----- 1 root 931 Nov 26 site. key

-Rw-r ----- 1 root 4586 Nov 26 14:49 tw. cfg

-Rw-r ----- 1 root 516 Nov 26 14:49 twcfg.txt

-Rw-r ----- 1 root 4159 Nov 26 14:49 tw. pol

-Rw-r ----- 1 root 13715 Nov 26 14:49 twpol.txt

 

Twadmin -- create-example file -- Modify file tw. cfg -- site-keyfile site. key twcfg.txt

Twadmin -- create-polfile-example file tw. cfg -- site-keyfile site. key twpol.txt

Sign the two files

Tripwire -- init policy initialization

Tripwire -- check initialization check