1.1. Setting Up Tripwire
Problem
You want to prepare a computer to use Tripwire for the first time.
Solution
After you have installed Tripwire, do the following:
# cd /etc/tripwire
# ./twinstall.sh
# tripwire --init
# rm twcfg.txt twpol.txt
Discussion
The script twinstall.sh performs the following tasks within the directory /etc/tripwire:
Creates the site key and the local key, prompting you to enter their passphrases. (If the keys exist, this step is skipped.) The site key is stored in site.key, and the local key in hostname-local.key, where hostname is the hostname of the machine.
Signs the default configuration file, twcfg.txt, with the site key, creating tw.cfg.
Signs the default policy file, twpol.txt, with the site key, creating tw.pol.
If for some reason your system doesn’t have twinstall.sh, equivalent manual steps are:
Helpful variables:
DIR=/etc/tripwire
SITE_KEY=$DIR/site.key
LOCAL_KEY=$DIR/`hostname`-local.key
Generate the site key:
# twadmin --generate-keys --site-keyfile $SITE_KEY
Generate the local key:
# twadmin --generate-keys --local-keyfile $LOCAL_KEY
Sign the configuration file:
# twadmin --create-cfgfile --cfgfile $DIR/tw.cfg \
    --site-keyfile $SITE_KEY $DIR/twcfg.txt
Sign the policy file:
# twadmin --create-polfile --cfgfile $DIR/tw.cfg \
    --site-keyfile $SITE_KEY $DIR/twpol.txt
Set appropriate permissions:
# cd $DIR
# chown root:root $SITE_KEY $LOCAL_KEY tw.cfg tw.pol
# chmod 600 $SITE_KEY $LOCAL_KEY tw.cfg tw.pol
(Or chmod 640 to allow a root group to access the files.) ...
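A post-setup check for the steps above, added here as an example and not taken from the original text or from Tripwire itself: it confirms that the keys and signed files exist with root ownership and mode 600 or 640, and that the plaintext twcfg.txt and twpol.txt were removed. The function name tw_audit and the finding labels are made up for illustration, and GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example (not part of Tripwire): audit a Tripwire directory after setup.
# Usage: tw_audit DIR [EXPECTED_UID]   (EXPECTED_UID defaults to 0, i.e. root)
# Prints one line per finding and returns 1 if there is any finding, else 0.
tw_audit() {
    local dir="$1" want_uid="${2:-0}" rc=0 f mode uid
    # uname -n gives the same node name that `hostname` prints on Linux.
    local local_key="$dir/$(uname -n)-local.key"

    for f in "$dir/site.key" "$local_key" "$dir/tw.cfg" "$dir/tw.pol"; do
        if [ ! -f "$f" ]; then
            echo "MISSING   $f"
            rc=1
            continue
        fi
        mode=$(stat -c %a "$f")   # GNU stat: permission bits in octal
        uid=$(stat -c %u "$f")    # GNU stat: numeric owner id
        case "$mode" in
            600|640) ;;           # the two modes the recipe allows
            *) echo "BADMODE   $f is $mode (want 600 or 640)"; rc=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "BADOWNER  $f has uid $uid (want $want_uid)"
            rc=1
        fi
    done

    # The recipe deletes the plaintext sources once they have been signed.
    for f in "$dir/twcfg.txt" "$dir/twpol.txt"; do
        if [ -e "$f" ]; then
            echo "PLAINTEXT $f still present"
            rc=1
        fi
    done
    return "$rc"
}
```

Run it as root with `tw_audit /etc/tripwire`; a nonzero exit status means at least one finding was printed.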