Friday, March 9, 2012

Fedora 16 Tripwire(OS) Installation

Today I spent some time installing Tripwire Open Source. With the binaries already being present in the Fedora 16 yum repos, it was pretty easy to get set up.

As root:

yum install tripwire

The RPM comes with default settings already configured. You can see them if you browse to the /etc/tripwire directory on your system. There are a couple of steps that you have to follow before you can initialize the database, however.

As per the docs (the man pages have all the info you are looking for) you need to set up both a site key and a local key. The site key is used for encrypting the policy files across multiple systems. The local key is used for encrypting files used only on the local machine. The docs state that one or both of the keys may be required, depending on the operation being carried out. I just set up both keys. Remember to use strong pass-phrases. If you leave off -Q or -P, twadmin prompts for the pass-phrase instead, which keeps it out of your shell history and the process list. The key locations are configured in the /etc/tripwire/twcfg.txt file, which will later be encrypted for use by the system.

twadmin -m G -v -S /etc/tripwire/site.key -Q passphrase
twadmin -m G -v -L /etc/tripwire/hostname-local.key -P passphrase

Now that you have the keys configured, you can go ahead and encrypt the configuration and policy files. Tripwire does this so that the files in use by the Tripwire system cannot be modified. If an attacker does get in, technically they can't modify those files...

twadmin -m F -c /etc/tripwire/tw.cfg -S /etc/tripwire/site.key -Q passphrase /etc/tripwire/twcfg.txt
twadmin -m P -p /etc/tripwire/tw.pol -S /etc/tripwire/site.key -Q passphrase /etc/tripwire/twpol.txt

After that you can run the tripwire database init.

tripwire -m i

After that, you should be able to use Tripwire Open Source.
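
A pre-flight check for the steps above, as an added example that is not part of the original post: it reads SITEKEYFILE and LOCALKEYFILE from twcfg.txt, expands $(HOSTNAME), and confirms the keys you generated really sit at those paths before you run the database init. The function names are made up for this example, and it assumes the stock twcfg.txt layout of "KEY =value" lines with $(HOSTNAME) in the local key path.

```shell
#!/bin/sh
# Added example (not from the original post): run between the twadmin
# steps and "tripwire -m i". Function names are hypothetical.

# twcfg_value CFG KEY HOST
# Print the value of KEY from a twcfg.txt-style file ("KEY =value" lines),
# expanding Tripwire's $(HOSTNAME) variable to HOST.
twcfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/[\$](HOSTNAME)/$3/g"
}

# check_tripwire_keys CFG HOST
# Prints one finding per line. Exit status is 0 only when both key files
# named in CFG exist, are non-empty, and are not writable by group or others.
check_tripwire_keys() {
    cfg=$1 host=$2 bad=0
    for key in SITEKEYFILE LOCALKEYFILE; do
        path=$(twcfg_value "$cfg" "$key" "$host")
        if [ -z "$path" ]; then
            # Setting absent from the config file
            echo "UNSET $key"; bad=1
        elif [ ! -s "$path" ]; then
            # Key was generated under a different name, or not at all
            echo "MISSING $key $path"; bad=1
        elif [ -n "$(find "$path" \( -perm -020 -o -perm -002 \) -print)" ]; then
            # Someone other than the owner could replace the key file
            echo "WRITABLE $key $path"; bad=1
        else
            echo "OK $key $path"
        fi
    done
    return "$bad"
}

# Typical use, with the paths from the post:
#   check_tripwire_keys /etc/tripwire/twcfg.txt "$(hostname)" && tripwire -m i
```

A MISSING line for LOCALKEYFILE usually means the local key was created under a name that does not match what $(HOSTNAME) expands to, for example a short host name versus a fully qualified one.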