System Integrity

Try it Out: Downloading, Configuring, and Running Tripwire

1. Tripwire is available in RPM format for Red Hat Linux, which makes installation very straightforward. It's available on the Red Hat Linux 9 CD-ROMs, but as an interesting exercise, we'll try using the rpm command's built-in FTP and HTTP client. We'll use the rpm command to download and install the Tripwire RPM with a single command! Open a terminal window, switch to the root user, and type in the following command (all on one line):

   Note: You'll need to change the --httpproxy IP address and --httpport port number to suit your Internet connection (omit them if you don't need to go through a proxy server to access the Internet).

   # rpm -iv --httpproxy 10.4.65.2 --httpport 3128 http://ftp.redhat.com/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/tripwire-2.3.1-17.i386.rpm

   The command also assumes that you're running on an Intel architecture machine. If not, replace the occurrences of i386 with your machine's architecture.

2. After a few minutes (depending on the speed of your Internet connection), you should see the message Preparing packages for installation… followed by tripwire-2.3.1-17, and be returned to the command prompt. You can confirm that the Tripwire package was installed by running the following command:

   # rpm -q tripwire

   If all is well, you'll get the package version information back; if not, you'll get a message saying that package tripwire is not installed (in which case, just download the RPM in the conventional way, and try again).

3. Now that we've got Tripwire installed, we can go on to configure its policies and complete the setup. Before diving into the configuration, we should take time to read the README file in /usr/share/doc/tripwire-2.3.1, and the twintro and twpolicy man pages, to familiarize ourselves with the required configuration tasks. These can be divided into three distinct steps:

   - Setting up the policy file
   - Initializing the Tripwire database
   - Configuring Tripwire to run periodically and report system integrity violations

4. Let's begin with the policy file. Tripwire's policy file defines which files and directories Tripwire should monitor for changes, and what sort of changes are significant. For some files, e.g. /bin/login, any change in file contents, modification date, or ownership is suspicious, but we'd expect them to be accessed frequently. Other files, such as log files, are expected to grow in size, but not to change ownership. The policy file that is installed with the RPM in /etc/tripwire/twpol.txt tells Tripwire to monitor many files that probably don't exist on our system, so we'll get lots of spurious error messages when we run an integrity check. What we really need to do is edit the policy file so that files and directories that don't exist aren't monitored, and conversely, so that rules for files and directories that do exist but are commented out in the policy file are reinstated. It would be tedious to do this by hand, so let's use our new-found knowledge of Perl to write a script to do it for us.

5. The algorithm we need to employ is straightforward. If we find a line that looks like an instruction to
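As an added example (my own script, not the book's), here is one way to write the Perl script the text is leading up to. It reads a Tripwire policy file such as /etc/tripwire/twpol.txt, comments out any rule line whose path does not exist on this system, reinstates any commented-out rule line whose path does exist, writes the edited policy to standard output, and reports each change on standard error. The file name twpol-prune.pl, the regular expression used to recognise a rule line (an optional '#', an optional '!' stop-point marker, an absolute path, then '->' or ';'), and the choice to treat a dangling symbolic link as present are my assumptions; the book does not specify them. Ordinary prose comments, directives, variable definitions and the '{' and '}' lines that group rules are passed through unchanged.

```perl
#!/usr/bin/perl -w
# twpol-prune.pl (added example, not the book's script):
#   perl twpol-prune.pl /etc/tripwire/twpol.txt > twpol-new.txt
# Comments out rules for paths that are missing, uncomments rules for
# paths that are present, and leaves every other line exactly as it was.
use strict;

# A rule line: optional indent, optional leading '#', optional '!' (a
# Tripwire stop-point), an absolute path, then ' -> ' or ';' and the rest.
# (Assumed pattern; policy paths containing spaces are not handled.)
my $rule = qr{^(\s*)(#?)\s*(!?)(/\S*)(\s*(?:->|;).*)$};

my ($examined, $changed) = (0, 0);

while (my $line = <>) {
    chomp $line;

    if ($line =~ $rule) {
        my ($indent, $hash, $bang, $path, $rest) = ($1, $2, $3, $4, $5);
        $examined++;

        # -e follows symlinks; -l also counts a dangling link as present,
        # since Tripwire can still record the link itself (my choice).
        my $exists = (-e $path || -l $path) ? 1 : 0;

        if ($hash eq '' && !$exists) {
            # Live rule for a missing path: comment it out.
            print "$indent#$bang$path$rest\n";
            print STDERR "commented out (missing): $path\n";
            $changed++;
            next;
        }
        if ($hash ne '' && $exists) {
            # Commented-out rule for a path that is present: reinstate it.
            print "$indent$bang$path$rest\n";
            print STDERR "reinstated (present):    $path\n";
            $changed++;
            next;
        }
    }

    # Everything else (and rules that already match reality) is unchanged.
    print "$line\n";
}

print STDERR "$examined rule lines examined, $changed changed\n";
```

Run it as root against the installed policy file (the paths it tests, such as /bin/login, are only readable for their existence, so it never modifies anything but its own output), compare the result with the original using diff before replacing /etc/tripwire/twpol.txt, and remember that the edited text file takes effect only after it is compiled into the signed binary policy with twadmin --create-polfile.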