IDS/Tripwire

From TartareFR

Installation

yum install tripwire

First Setup

By hand

The RPM comes with default settings already configured. You can see them by browsing the /etc/tripwire directory on your system. There are a couple of steps you have to follow before you can initialize the database, however.

As per the docs (the man pages have all the info you are looking for) you need to set up both a site key and a local key. The site key is used for signing the configuration and policy files shared across multiple systems. The local key is used for signing files used only on the local machine (the database and reports). The docs state that one or both keys may be required depending on the operation being performed. I just set up both keys. Remember to use strong passphrases. The key locations are configured in the /etc/tripwire/twcfg.txt file, which will later be signed and encrypted for use by the system.

twadmin -m G -v -S /etc/tripwire/site.key -Q passphrase
twadmin -m G -v -L /etc/tripwire/hostname-local.key -P passphrase

Now that you have the keys configured, you can go ahead and sign and encrypt the configuration and policy files. Tripwire does this so that the files in use by the Tripwire system cannot be modified undetected. If an attacker does get in, they technically cannot alter those files without the key passphrase.

twadmin -m F -c /etc/tripwire/tw.cfg -S /etc/tripwire/site.key -Q passphrase /etc/tripwire/twcfg.txt
twadmin -m P -p /etc/tripwire/tw.pol -S /etc/tripwire/site.key -Q passphrase /etc/tripwire/twpol.txt

With Script

tripwire-setup-keyfiles

Init

After that you can run the tripwire database init.

tripwire -m i
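The manual steps above, wrapped into a script as an added example (this is not code from the page or from the Tripwire project). It assumes twadmin and tripwire are in PATH, that TW_DIR (default /etc/tripwire) holds twcfg.txt and twpol.txt, and that the local key is named hostname-local.key as in the steps above. The helper names tw_file_private, tw_check_setup and tw_setup are this example's own. Two things differ from the commands above on purpose: the passphrases are not passed with -Q/-P, so twadmin prompts for them and they never land in shell history or in ps output, and after signing, the keys, tw.cfg and tw.pol are checked to be owner-readable only (a stricter mode than some packages ship) before the database is initialised.

```shell
#!/bin/sh
# Added example (not from the page or the Tripwire project): the manual setup
# wrapped in a script, plus a check on the files it must produce.
# Assumptions: twadmin/tripwire in PATH; TW_DIR holds twcfg.txt and twpol.txt;
# the local key is named <hostname>-local.key as in the steps above.
TW_DIR="${TW_DIR:-/etc/tripwire}"

# Return 0 if $1 is a regular file with no group/other permission bits set.
tw_file_private() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  gobits=$(ls -ld "$f" | cut -c5-10)     # group + other permission columns of ls -l
  [ "$gobits" = "------" ] || { echo "too permissive (go=$gobits): $f" >&2; return 1; }
}

# Verify the artefacts the setup must leave behind: both keys, the signed
# config and the signed policy.  $1 = tripwire directory, $2 = host name
# used in the local key file name.
tw_check_setup() {
  dir="$1"; host="$2"; rc=0
  for name in site.key "$host-local.key" tw.cfg tw.pol; do
    tw_file_private "$dir/$name" || rc=1
  done
  return "$rc"
}

# Run the setup steps.  Passphrases are deliberately NOT given with -Q/-P:
# twadmin prompts for them, so they stay out of shell history and `ps`.
tw_setup() {
  dir="${1:-$TW_DIR}"; host="$(hostname)"
  command -v twadmin >/dev/null 2>&1 || { echo "twadmin not found" >&2; return 1; }
  # 1. generate the site key and the local key
  twadmin -m G -S "$dir/site.key" || return 1
  twadmin -m G -L "$dir/$host-local.key" || return 1
  # 2. sign/encrypt the clear-text config and policy with the site key
  twadmin -m F -c "$dir/tw.cfg" -S "$dir/site.key" "$dir/twcfg.txt" || return 1
  twadmin -m P -c "$dir/tw.cfg" -p "$dir/tw.pol" -S "$dir/site.key" "$dir/twpol.txt" || return 1
  # 3. keep keys and signed files owner-only, then verify before initialising
  chmod 600 "$dir/site.key" "$dir/$host-local.key" "$dir/tw.cfg" "$dir/tw.pol"
  tw_check_setup "$dir" "$host" || return 1
  # 4. build the baseline database (prompts for the local passphrase)
  tripwire -m i -c "$dir/tw.cfg"
}
```

Source the file as root and call tw_setup (optionally with a different directory as its argument); tw_check_setup can be run on its own later to confirm nothing has loosened the permissions on the keys or the signed files.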

After that, you should be able to use Open Source Tripwire.