Installing and configuring the Tripwire software

N
Netooze
January 31, 2020

The Tripwire program is made use of to check the state of the file system and also discover invasions right into it. Once installed, it scans the data system and stores info concerning each located item in its own database. In this case, each beginning of the operating system starts with monitoring as well as the present values are compared to those already saved. If the program locates distinctions, it notifies the manager concerning it. Hash sums are used as a control, so the values of the item are not kept in the program in full.

Allow's speak a lot more about setting up Tripwire. Ubuntu Server 18.04 is utilized as an examination OS.

Installation

To install the program, use the regular manager:

sudo apt-get install tripwire

During the installation, a dialog box will appear with the initial configuration of the keys:

Screenshot #1. Key configuration.

Tripwire generates an alphanumeric code to secure the file hash. This approach ensures that an attacker does not gain access to information stored inside the program. Select Yes twice.

The wizard will create two keys: site-key and local-key.

  • The first key guarantees the safety and reliability of the program's configuration files. This type of protection is used on different server platforms.
  • The second is to protect the binary files that are located on each host under Tripwire supervision.

First start

The configuration at the first stage is over - we initialize the module:

sudo tripwire --init

The process takes 5-7 minutes. Upon completion, the product will generate hash sums of operating system file objects, which will later be used for comparison.

The software configuration is stored at /etc/tripwire/twpol.txt. To make changes, open the file with a text editor and make changes. After that, we save the new template and update the policy in the program. Next, enter in the terminal:

tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt

Important! Editing is available only with superuser rights. Before making changes to the current configuration, it is recommended that you back up the file and familiarize yourself with the rules.

To check the changes made, we use the following syntax:

tripwire --check –interactive

Process Automation

Let's consider additional features of the program, in particular, automating the collection of reports.

Every process in Tripwire is automated using an external Cron daemon that comes with Linux by default. For example, let's create a template for activating the Tripwire check twice a day: at night and during the day. Let's open the control panel with the schedule:

crontab –e

The operating system will issue a list of available editors for opening a file, specify any. In the window that opens, enter the following line:

30 */12 * * * tripwire --check --interactive > system-$(date +"%H:%M:%S_%d-%m-%Y")

Now reports are collected automatically.

Start your cloud journey? Take the first step right now.