Installation Instructions

Once installed, Tripwire must also be correctly initialized to be able to keep a close watch on your files. These sections detail how to install the program, if it is not already present on your system, and then how to initialize the Tripwire database.

RPM Installation Instructions

The easiest way to install Tripwire is to install the tripwire RPM during the Red Hat Linux 7.1 installation process. However, if you've already installed Red Hat Linux 7.1, you can use RPM, Gnome-RPM, or Kpackage to install the Tripwire RPM from the Red Hat Linux 7.1 CD-ROMs. The following steps outline this process using RPM:

  1. Locate the RedHat/RPMS directory on the Red Hat Linux 7.1 CD-ROM.

  2. Locate the tripwire binary RPM by typing ls -l tripwire* in the RedHat/RPMS directory.

  3. Type rpm -Uvh <name> (where <name> is the name of the Tripwire RPM found in step 2)

  4. After installing the tripwire RPM, follow the post-installation instructions outlined below.

NoteNote
 

The release notes and README file are located in /usr/share/doc/tripwire-<version-number>. These documents contain important information about the default policy file and other issues.

Post-Installation Instructions

The tripwire RPM installs the program files needed to run the software. After you've installed Tripwire, you must configure it for your system as outlined in the following steps:

  1. If you already know of several changes that should be made to the configuration file (/etc/tripwire/twcfg.txt) or the policy file (/etc/tripwire/twpol.txt), edit those files now.

    NoteNote
     

    While you should edit your configuration and policy files to customize Tripwire to your particular situation, editing the configuration or policy files is not required to use Tripwire. If you plan to modify the configuration or policy files, you must make these changes before running the configuration script (/etc/tripwire/twinstall.sh). If you modify the configuration or policy files after running the configuration script, you must re-run the configuration script before initializing the database file. Keep in mind that you can edit the configuration and policy files after initializing the database file and running an integrity check.

  2. Type /etc/tripwire/twinstall.sh at the command line as root and press [Enter] to run the configuration script. The twinstall.sh script walks you through the processes of setting passphrases, generating the cryptographic keys that protect the Tripwire configuration and policy files, and signing these files. See the section called Selecting Passphrases for more information on setting passphrases.

    NoteNote
     

    Once encoded and signed, the configuration file (/etc/tripwire/tw.cfg) and policy file (/etc/tripwire/tw.pol) generated by running the /etc/tripwire/twinstall.sh script should not be renamed or moved.

  3. Initialize the Tripwire database file by issuing the /usr/sbin/tripwire --init command at the command line.

  4. Run the first integrity check comparing your new Tripwire database to your system files by issuing the /usr/sbin/tripwire --check command at the command line and looking for errors in the generated report.

Once you finish these steps successfully, Tripwire has the baseline snapshot of your filesystem that it needs to check for changes to critical files. Additionally, the tripwire RPM adds a file called tripwire-check to the /etc/cron.daily directory that will automatically run an integrity check once per day.