Tripwire, a data integrity check tool in CentOS

Source: Internet
Author: User
Tripwire is an open-source integrity check tool. Tripwire generates a unique identifier (also known as & quot; Snapshot & quot;) for the file or directory status ;), and store it for future use. When the Tripwire program runs, it is compared with the snapshot. If no match is found, it reports that the system administrator file has been modified. Through understanding the above running mechanism, we can easily find that the installation time of the integrity check tool is very important, and it is best to use and connect to the delivery user.

Tripwire is an open-source integrity check tool. Tripwire generates a unique identifier (also known as "snapshot") for the file or directory status and stores it for future use. When the Tripwire program runs, it is compared with the snapshot. If no match is found, it reports that the system administrator file has been modified.

 

By understanding the above running mechanism, we can easily find that the installation time of the integrity check tool is very important, preferably during the initial installation of the Linux system before the delivery and connection to the network. Because the integrity check tool only retains the initial state (snapshot) of the system file to ensure the integrity of the system file; if the system takes its snapshot after a period of time, it is likely that it is no longer an image of the original system File (for example, it has been damaged), so the reliability of the integrity detection has been discounted.

 

Lab environment

Centos-5.8

 

Lab software

Gcc-c ++ make wget

Tripwire-2.4.2-src.tar.bz2

 

Software Installation

Yum install-y gcc-c ++ make wget

Tar jxvf tripwire-2.4.2-src.tar.bz2

Cd tripwire-2.4.2-src

./Configure -- prefix =/usr/local/tripwire

Make

Make install

Press ENTER to view the License Agreement. q to skip

License agreement. [do not accept] accept registration information

Continue with installation? [Y/n] y

Enter the site keyfile passphrase: Enter the password

Verify the site keyfile passphrase: secondary confirmation

Enter the local keyfile passphrase: Enter the same password as the first time

Verify the local keyfile passphrase:

Please enter your site passphrase:

In this way, tripwire is installed.

 

Configuration

Cd/usr/local/etc/

Ll

Total 44

-Rw-r ----- 1 root 931 Nov 26 localhost. localdomain-local.key

-Rw-r ----- 1 root 931 Nov 26 site. key

-Rw-r ----- 1 root 4586 Nov 26 14:49 tw. cfg

-Rw-r ----- 1 root 516 Nov 26 14:49 twcfg.txt

-Rw-r ----- 1 root 4159 Nov 26 14:49 tw. pol

-Rw-r ----- 1 root 13715 Nov 26 14:49 twpol.txt

 

Twadmin -- create-example file -- Modify file tw. cfg -- site-keyfile site. key twcfg.txt

Twadmin -- create-polfile-example file tw. cfg -- site-keyfile site. key twpol.txt

Sign the two files

Tripwire -- init policy initialization

Tripwire -- check initialization check

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.