Tripwire-file fingerprint
Tripwire is currently the most famous software tool for file system integrity checking on Unix. The core technique of this software is to generate a digital signature for each monitored file and retain it. When the current digital signature of a file is inconsistent with the retained one, the file must have been modified.
Tripwire runs an md5-like checksum over the system files that need verification and generates a unique identifier for each, that is, a "snapshot". When any attribute such as the file size, inode number, permissions, or timestamps is modified, running Tripwire again compares the attributes before and after and generates a detailed report.
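The snapshot-and-compare mechanism described above, as an added Python sketch that is not Tripwire's code and not part of the original article. Assumptions: SHA-256 stands in for Tripwire's hash functions, the property names and file names are constructed, and the `ignore` argument mirrors the idea of ignoring selected properties during a check.

```python
import hashlib
import os
import tempfile

PROPS = ("size", "inode", "mode", "mtime", "sha256")

def snapshot(root):
    """Record attributes and a content digest for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # this sketch tracks regular files only
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = dict(zip(PROPS, (
                st.st_size, st.st_ino, st.st_mode, st.st_mtime_ns, digest)))
    return db

def compare(baseline, current, ignore=()):
    """Return (added, removed, changed); changed maps path -> differing properties."""
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [p for p in PROPS
                if p not in ignore and baseline[path][p] != current[path][p]]
        if diff:
            changed[path] = diff
    return (sorted(set(current) - set(baseline)),
            sorted(set(baseline) - set(current)), changed)

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    # Constructed scenario in a temporary directory (all file names are made up).
    with tempfile.TemporaryDirectory() as root:
        for name in ("passwd", "motd", "old.log"):
            write(root, name, b"root:x:0:0\n")
        baseline = snapshot(root)
        write(root, "passwd", b"root:x:0:1\n")       # same size, new content
        os.chmod(os.path.join(root, "motd"), 0o400)  # attribute-only change
        os.remove(os.path.join(root, "old.log"))
        write(root, "new.sh", b"#!/bin/sh\n")
        return compare(baseline, snapshot(root), ignore=("mtime",))

if __name__ == "__main__":
    print(demo())
```

The rewritten `passwd` keeps its size, so with `mtime` ignored only the digest reveals the change. Unlike Tripwire, this sketch does not protect its baseline, so anyone who can rewrite the stored snapshot can hide a change; that is the role of the key-protected database described in the sections below.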
1. Download and install
[root@ipython ~]# wget <URL of tripwire-2.4.2.2-src.tar.bz2>
[root@ipython ~]# tar jxf tripwire-2.4.2.2-src.tar.bz2
[root@ipython ~]# cd tripwire-2.4.2.2-src
[root@ipython tripwire-2.4.2.2-src]# ./configure --prefix=/software/tripwire
[root@ipython tripwire-2.4.2.2-src]# make
[root@ipython tripwire-2.4.2.2-src]# make install
########### install interaction ###########
Press ENTER to view the License Agreement. ### press Enter to read the agreement
license agreement. [do not accept] accept ### agree to the agreement
Continue with installation? [y/n] y ### confirm to continue the installation
Enter the site keyfile passphrase: ### site keyfile passphrase, to be remembered
Verify the site keyfile passphrase: ### repeat
Enter the local keyfile passphrase: ### local keyfile passphrase, to be remembered
Verify the local keyfile passphrase: ### repeat
Please enter your site passphrase: ### enter
Please enter your site passphrase: ### enter
########### interaction ends, installation complete ###########
[root@ipython tripwire-2.4.2.2-src]# ls /software/tripwire/etc/ | sort
ipython.me-local.key #### encrypted local key file
site.key #### encrypted site key file
tw.cfg #### encrypted configuration variables file
tw.pol #### encrypted policy file
twcfg.txt #### locations of the database, policy file, and Tripwire executables
twpol.txt #### defines the objects to be checked and the action taken on a violation
2. Initialization (generate a benchmark database)
[root@ipython ~]# /software/tripwire/sbin/tripwire --init
Please enter your local passphrase: ### enter the passphrase; this prompt is omitted from the later examples
...
Wrote database file: /software/tripwire/lib/tripwire/ipython.me.twd
The database was successfully generated.
3. The first integrity check and common check parameters
[root@ipython ~]# /software/tripwire/sbin/tripwire --check
### Default report storage path: /software/tripwire/lib/tripwire/report/ ###
### Specify the report storage path ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --twrfile ./test.twr
### Send the report by email ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --email-report
### Specify the email report level ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --email-report-level 2
### Check using only the rules with the specified severity level ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --severity 80
### Check using the rule with the specified name ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --rule-name rulename
### Check only the specified files or directories ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check object1 object2 object3
### Ignore the listed properties during the check ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --ignore "property,property,property"
### Get help ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --help all
### View a report ###
[root@ipython ~]# /software/tripwire/sbin/twprint --print-report --twrfile ./test.twr
### Redirect the contents of the encrypted report to a text file ###
[root@ipython ~]# /software/tripwire/sbin/twprint --print-report --twrfile ./test.twr > output.text
### Specify the report output level ###
[root@ipython ~]# /software/tripwire/sbin/twprint --print-report --report-level 4 --twrfile ./test.twr > output.text
4. Upgrade the benchmark database file
### Update the baseline so that the reported changes are accepted as normal, because check compares against the baseline data ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --update --twrfile ./test.twr
### Update interactively, immediately after the check ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --check --interactive
5. Update policy file
To update the policy, you need to modify the policy rules. First, redirect the current policy to a text file:
[root@ipython ~]# /software/tripwire/sbin/twadmin --print-polfile > twpol.txt
### Modify it as needed and then update ###
[root@ipython ~]# /software/tripwire/sbin/tripwire --update-policy twpol.txt
Parsing policy file: /root/twpol.txt
Please enter your local passphrase:
Please enter your site passphrase:
6. Modify the site key and local key
### Back up the data before making changes ###
[root@ipython ~]# /software/tripwire/sbin/twadmin --generate-keys --site-keyfile /software/tripwire/etc/site.key
[root@ipython ~]# /software/tripwire/sbin/twadmin --generate-keys --local-keyfile /software/tripwire/etc/ipython.me-local.key
### The configuration file is encrypted with the site key; the database and report files are encrypted with the local key ###
[root@ipython ~]# /software/tripwire/sbin/twadmin --encrypt --site-keyfile /software/tripwire/etc/site.key
[root@ipython ~]# /software/tripwire/sbin/twadmin --encrypt --local-keyfile /software/tripwire/etc/ipython.me-local.key
http://www.ipython.me/centos/tripwire-file-md5.html Author: IT Chen Yi