VPS 및 전용 서버(호스팅 컨트롤 센터) 도움말

How to set up Tripwire on CentOS

Tripwire is a software application that provides data integrity and security for Linux-based operating systems by monitoring changes in certain system files. The open source version is available for free, although it isn't included with Red Hat Enterprise Linux (RHEL). The commercial version of Tripwire is part of the TriSentry suite of security tools available from www.psionic.com. Once Tripwire is downloaded and installed, it needs to be configured for its environment. After being initialized, Tripwire can be started from the command line.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 30 min
RELATED PRODUCTS CentOS-based VPS or dedicated servers

Install Tripwire

Move to the /tmp directory:

# cd /tmp

Download the appropriate distribution package for your system. The following wget command downloads the latest version of Tripwire for a 64-bit Linux system:

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/tripwire-2.4.1.2-11.el6.x86_64.rpm

Install Tripwire with this rpm command:

# rpm -ivh tripwire-2.4.1.2-11.el6.x86_64.rpm
Configure Tripwire

The most common configuration changes for Tripwire deal with sending reports, since email support isn't enabled by default. Modify /etc/tripwire/twcfg.txt to deliver email reports for your environment. Assume for this example that you have a central host named localhost that will send Tripwire reports for you. Change the line that reads "MAILMETHOD =SENDMAIL" to read "MAILMETHOD =SMTP". Add a line below that one that reads "SMTPHOST =localhost".

Edit /etc/tripwire/twpol.txt to provide email reports as needed for each rule. These rules generally begin with lines similar to the following:

rulename = "Tripwire Binaries",
severity = $(SIG_HI)

Add a comma to the end of the severity line above if it's not already present. Add another line below it to provide your email address as follows:

emailto = yourname@yourdomain.com

This section should now appear as follows:

rulename = "Tripwire Binaries",
severity = $(SIG_HI),
emailto = yourname@yourdomain.com

Create the key files

Enter the following command to generate the key files for your machine:

# /usr/sbin/tripwire-setup-keyfiles

The above command will prompt you for a pass phrase for site key files, which you'll need to enter twice. You'll also provide a pass phrase for local key files by entering it twice. You'll then provide the appropriate pass phrase to generate the keys for the site and local key files.

Initialize the Tripwire database

The following command will initialize the Tripwire database:

# tripwire --init

Enter the local pass phrase when prompted. The initialization process will normally require at least several minutes and generate many warnings for missing files.

Start Tripwire

Start Tripwire with the following command line:

# tripwire --check --interactive

This command will perform an integrity check, after which you'll be prompted for your local pass phrase to write the database file.


이 글이 도움되었나요?
피드백을 보내주셔서 감사합니다. 고객 서비스 담당자에게 문의하시려면 지원 전화 번호 또는 위의 채팅 옵션을 이용하시기 바랍니다.
도와드릴 수 있어 기쁩니다! 더 도와 드릴 것이 있나요?
그것 유감스럽습니다. 혼동이 되었던 사항 또는 솔루션이 고객님의 문제를 해결하지 못했던 원인을 알려주세요.