Tripwire is an open-source integrity checking tool. It generates a unique identifier (also known as a "snapshot") for the state of each file or directory and stores it for future use. When Tripwire runs later, it compares the current state with the stored snapshot. If they do not match, it reports to the system administrator that the file has been modified.
Understanding this mechanism makes it clear that the time at which the integrity checking tool is installed is very important: preferably during the initial installation of the Linux system, before it is delivered and connected to the network. The tool only retains the initial state (snapshot) of the system files and uses it to verify their integrity. If the snapshot is taken after the system has been in use for some time, it may no longer be an image of the original system files (for example, they may already have been damaged), and the reliability of the integrity check is reduced.
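The snapshot-and-compare mechanism described above, as an added Python example (not Tripwire's own code and not from the original article). It records metadata and a SHA-256 digest per file, seals the baseline with an HMAC as a simplified stand-in for Tripwire's key-based signing, and reports added, removed and changed files; all function names, the demo key and the sample files are constructed for illustration.

```python
import hashlib, hmac, json, os, pathlib, stat, tempfile

def snapshot(root):
    """Record mode, owner, size and SHA-256 of every regular file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = {
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                "gid": st.st_gid, "size": st.st_size, "sha256": digest}
    return snap

def seal(snap, key):
    """Serialize the baseline and tag it (HMAC here, a stand-in for Tripwire's signing)."""
    body = json.dumps(snap, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def unseal(body, tag, key):
    """Refuse a baseline whose tag does not verify, then decode it."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline failed authentication")
    return json.loads(body)

def compare(baseline, current):
    """Return sorted lists of (added, removed, changed) relative paths."""
    old, new = set(baseline), set(current)
    changed = sorted(p for p in old & new if baseline[p] != current[p])
    return sorted(new - old), sorted(old - new), changed

def demo():
    """Constructed scenario: baseline a temp tree, then edit, add and delete files."""
    key = b"constructed-demo-key"  # assumption: stands in for the keyfile passphrase
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("passwd", b"root:x:0:0\n"), ("hosts", b"127.0.0.1\n"), ("motd", b"hi\n")):
            pathlib.Path(root, name).write_bytes(data)
        body, tag = seal(snapshot(root), key)  # taken while the tree is known-good
        pathlib.Path(root, "passwd").write_bytes(b"root:x:0:0\nextra:x:1001:1001\n")  # change
        os.remove(os.path.join(root, "motd"))  # deletion
        pathlib.Path(root, "newfile").touch()  # addition
        return compare(unseal(body, tag, key), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline taken after the tree was already altered would verify cleanly and report nothing, which is why the snapshot has to be made while the system is still known-good.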
Lab environment
CentOS-5.8
Lab software
gcc-c++ make wget
tripwire-2.4.2-src.tar.bz2
Software Installation
yum install -y gcc-c++ make wget
tar jxvf tripwire-2.4.2-src.tar.bz2
cd tripwire-2.4.2-src
./configure --prefix=/usr/local/tripwire
make
make install
Press ENTER to view the License Agreement.    (press q to skip through it)
License agreement. [do not accept] accept    (type accept to accept the agreement)
Continue with installation? [y/n] y
Enter the site keyfile passphrase:    (enter the password)
Verify the site keyfile passphrase:    (enter it again to confirm)
Enter the local keyfile passphrase:    (enter the same password as the first time)
Verify the local keyfile passphrase:
Please enter your site passphrase:
Tripwire is now installed.
Configuration
cd /usr/local/etc/
ll
total 44
-rw-r----- 1 root 931 Nov 26 localhost.localdomain-local.key
-rw-r----- 1 root 931 Nov 26 site.key
-rw-r----- 1 root 4586 Nov 26 14:49 tw.cfg
-rw-r----- 1 root 516 Nov 26 14:49 twcfg.txt
-rw-r----- 1 root 4159 Nov 26 14:49 tw.pol
-rw-r----- 1 root 13715 Nov 26 14:49 twpol.txt
twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile site.key twcfg.txt
twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt
The two commands above sign the two files.
tripwire --init     (policy initialization)
tripwire --check    (initial check)