Appendix G. Installing and Configuring Tripwire

Tripwire v2.3 software ensures the integrity of critical system files and directories by identifying all changes made to specified system files and directories. Configure Tripwire software to monitor your system in the way that is best for you.

Tripwire software works by comparing files and directories against a baseline. It generates the baseline by taking a snapshot of specified files and directories in a known secure state. Tripwire software then compares the current system against the baseline and reports any modifications, additions, or deletions. Use Tripwire software for system security, intrusion detection, damage assessment, and recovery forensics.

While it is recommended that Tripwire be selected and installed during the Red Hat Linux 7.0 installation process, it is possible to install it after your Red Hat Linux system has been installed. The following steps outline this process:

  1. Locate the RedHat/RPMS directory on the Red Hat Linux 7.0 CD-ROM.

  2. Locate the Tripwire binary RPM.

  3. Type rpm -i <name> (where <name> is the name of the Tripwire RPM found in step 2).

  4. After installing the Tripwire binary RPM, follow the post-installation instructions outlined below.

Note

We recommend you read the release notes and README file.

Post-Installation Instructions

The Tripwire binary RPM installs the basic program files needed to run the software. However, this installation does not complete custom configurations that Tripwire 2.3 needs to perform correctly. After you unpack the RPM, you must:

  1. Run the configuration script /etc/tripwire/twinstall.sh. This script walks you through setting passphrases and signing the Tripwire policy and configuration files.

    Please Note

    Once encoded and signed, the configuration file should not be renamed or moved.

  2. Initialize the Tripwire database file (/usr/sbin/tripwire --init).

  3. Run the first integrity check (/usr/sbin/tripwire --check).

  4. Edit the configuration file (twcfg.txt) with a text editor, if desired.

  5. Edit the policy file (twpol.txt) with a text editor, if desired.

    Please Note

    If you plan to modify the policy file, we recommend you do so before running the configuration script. If you modify the policy file after running the configuration script, you must re-run the configuration script before initializing the database file.
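
The baseline comparison described at the start of this appendix, and the reason the signing step matters, sketched as an added example (not Tripwire's code and not part of the original manual). Assumptions: SHA-256 digests stand in for the file attributes Tripwire records, an HMAC keyed by a passphrase stands in for Tripwire's signing, and the file names and passphrase are constructed.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def _tag(body, passphrase):
    return hmac.new(passphrase.encode(), body.encode(), hashlib.sha256).hexdigest()

def seal(baseline, passphrase):
    """Store the baseline with a keyed tag so later edits to it are detectable."""
    body = json.dumps(baseline, sort_keys=True)
    return {"body": body, "tag": _tag(body, passphrase)}

def unseal(sealed, passphrase):
    """Refuse to use a baseline whose tag does not verify."""
    if not hmac.compare_digest(_tag(sealed["body"], passphrase), sealed["tag"]):
        raise ValueError("baseline was altered or the passphrase is wrong")
    return json.loads(sealed["body"])

def compare(baseline, current):
    """Report additions, deletions, and modifications relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: take a baseline, make three changes, then check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in {"passwd": b"root:x:0:0\n", "hosts": b"127.0.0.1 localhost\n",
                           "motd": b"hello\n"}.items():
            (root / name).write_bytes(data)
        sealed = seal(snapshot(root), "constructed-passphrase")
        (root / "passwd").write_bytes(b"root:x:0:0\nnewuser:x:0:0\n")  # modified
        (root / "motd").unlink()                                        # removed
        (root / "rc.local").write_bytes(b"#!/bin/sh\n")                 # added
        return compare(unseal(sealed, "constructed-passphrase"), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline that anyone can rewrite can hide the changes it was meant to reveal, which is why the check calls unseal before trusting the stored snapshot.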