Securing-Optimizing-RH-Linux-1_2_193
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 193

Linux Tripwire 2.2.1

Overview

A typical Red Hat Linux server installation handles approximately 30400 files. In busy times administrators can't check the integrity of all system files, and if a cracker has gained access to your server, he can easily install or modify files without your knowledge. Because this can happen, programs have been created to respond to this kind of problem. According to the official Tripwire site:

Tripwire works at the most fundamental layer, protecting the servers and workstations that make up the corporate network. Tripwire works by first scanning a computer and creating a database of system files, a compact digital "snapshot" of the system in a known secure state. The user can configure Tripwire very precisely, specifying individual files and directories on each machine to monitor, or creating a standard template that can be used on all machines in an enterprise. Once this baseline database is created, a system administrator can use Tripwire to check the integrity of a system at any time. By scanning the current system and comparing that information with the data stored in the database, Tripwire detects and reports any additions, deletions, or changes to the system outside of the specified boundaries. If these changes are valid, the administrator can update the baseline database with the new information. If malicious changes are found, the system administrator will instantly know which parts of which components of the network have been affected.

This version of Tripwire has significant product enhancements over previous versions of Tripwire. Some of the enhancements include:
· Multiple levels of reporting allow you to choose different levels of report detail.
· Syslog option sends information about database initialization, database update, policy update and integrity check to the syslog.
· Database performance has been optimized to increase the efficiency of integrity checks.
· Individual email recipients can be sent certain sections of a report.
· SMTP email reporting support.
· Email test mode enables you to verify that the email settings are correct.
· Ability to create multiple sections within a policy file to be executed separately.

These installation instructions assume:
· Commands are Unix-compatible.
· The source path is "/var/tmp" (other paths are possible).
· Installations were tested on Red Hat Linux 6.1.
· All steps in the installation will happen in the superuser account "root".
· Tripwire version number is 2.2.1.

Packages

Tripwire Homepage: http://www.tripwiresecurity.com/
You must be sure to download: Tripwire_221_for_Linux_x86_tar.gz

Compilation

Tripwire-2.2.1

Decompress the tarball (tar.gz).

[root@deep /]# cp Tripwire_version_for_Linux_x86_tar.gz /var/tmp
[root@deep /]# cd /var/tmp
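The baseline / integrity check / database update cycle described in the Overview, as an added illustration in POSIX sh; this is not Tripwire's own code, it assumes GNU coreutils (sha256sum, comm, mktemp) and it records only file contents, a much smaller set of attributes than Tripwire itself tracks.

```shell
#!/bin/sh
# Tripwire-style file integrity check in plain POSIX sh (added example; not
# Tripwire's code). Baseline = one "sha256  ./path" line per regular file
# (GNU sha256sum output format, assumed). The check reports ADDED / REMOVED /
# CHANGED relative to the baseline and returns 1 when anything differs, so it
# can run from cron; "update" re-baselines once the administrator has
# reviewed a report and decided the changes are valid.
export LC_ALL=C

# Snapshot: hash every regular file below DIR, paths relative to DIR.
fim_snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# Baseline (Tripwire "database initialization"): store the sorted snapshot in DB.
fim_baseline() {
    fim_snapshot "$1" | sort > "$2"
}

# Integrity check: compare DIR against DB. Lines only in DB are "gone"
# (removed or changed); lines only in the fresh snapshot are "fresh" (added or
# changed); a path present in both sets has a different hash, i.e. it changed.
fim_check() {
    dir=$1; db=$2
    tmp=$(mktemp -d)
    fim_snapshot "$dir" | sort > "$tmp/new"
    sort "$db" > "$tmp/old"
    comm -23 "$tmp/old" "$tmp/new" | cut -c67- | sort > "$tmp/gone"   # col 67: path
    comm -13 "$tmp/old" "$tmp/new" | cut -c67- | sort > "$tmp/fresh"
    {
        comm -12 "$tmp/gone" "$tmp/fresh" | sed 's/^/CHANGED /'
        comm -23 "$tmp/gone" "$tmp/fresh" | sed 's/^/REMOVED /'
        comm -13 "$tmp/gone" "$tmp/fresh" | sed 's/^/ADDED   /'
    } > "$tmp/report"
    cat "$tmp/report"
    n=$(wc -l < "$tmp/report")
    rm -rf "$tmp"
    [ "$n" -eq 0 ]
}

# Database update: accept the current state as the new baseline.
fim_update() {
    fim_baseline "$1" "$2"
}
```

Typical use is `fim_baseline /etc /var/lib/fim/etc.db` once, then `fim_check /etc /var/lib/fim/etc.db` from cron, and `fim_update` only after the report has been reviewed.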