18.1. Install, Compile and Optimize

Tripwire is a file and directory integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against system files on a regular basis, any changes in critical system files will be spotted -- and appropriate damage control measures can be taken immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain free of unauthorized modifications if Tripwire reports no changes.
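The baseline-and-compare model described above, as an added example that is not part of the original guide and is not Tripwire's code. It assumes `sha256sum`, `find`, `awk` and `mktemp` are available; the function names and the database format are made up for the illustration.

```shell
#!/bin/sh
# Added illustration of a baseline-and-compare integrity check.
# Not Tripwire's code; function names and database format are assumptions.

# snapshot DIR: print "<sha256>  <path>" for every regular file under DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# compare_db BASELINE CURRENT: report ADDED, CHANGED and DELETED paths.
compare_db() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # keeps spaces in names
        FILENAME == ARGV[1] { old[path] = hash; next }       # stored baseline
        {
            seen[path] = 1
            if (!(path in old))          print "ADDED   " path
            else if (old[path] != hash)  print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "DELETED " p }
    ' "$1" "$2" | sort
}

# demo: constructed sample tree that is altered after the baseline is taken.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/root"
    echo 'root:x:0:0' > "$t/root/passwd"       # left untouched
    echo 'original'   > "$t/root/login"
    echo 'obsolete'   > "$t/root/old.conf"
    snapshot "$t/root" > "$t/baseline.db"      # the stored database
    echo 'modified'   > "$t/root/login"        # content changed
    rm "$t/root/old.conf"                      # entry deleted
    echo 'new'        > "$t/root/new file"     # entry added
    snapshot "$t/root" > "$t/current.db"
    compare_db "$t/baseline.db" "$t/current.db"
    rm -rf "$t"
}

demo
```

This sketch compares content hashes only; it does not record permissions or ownership, and the two database files passed to `compare_db` must have different names.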

These installation instructions assume:

  • Commands are Unix-compatible.

  • The source path is /var/tmp (other paths are possible).

  • Installations were tested on Red Hat Linux 6.1 and 6.2.

  • All steps in the installation are performed as the super-user root.

  • Tripwire version number is 1.3.1-1.

Required package and Tripwire homepage:

https://www.tripwiresecurity.com/

You must be sure to download: Tripwire-1.3.1-1.tar.gz

You need to decompress the tarball. It is a good idea to make a list of files on the system before you install it, and one afterwards, and then compare them using diff to find out which file was placed where. Simply run find /* > Tripwire1 before and find /* > Tripwire2 after you install the tarball, and use diff Tripwire1 Tripwire2 > Tripwire-Installed to get a list of what changed.
          [root@deep] /# cp Tripwire-version.tar.gz /var/tmp
          [root@deep] /# cd /var/tmp
          [root@deep ]/tmp# tar xzpf Tripwire-version.tar.gz
          

Move into the new Tripwire directory, edit the utils.c file (vi +462 src/utils.c) and change the line:

          else if (iscntrl(*pcin)) {
          
To read:
          else if (!(*pcin & 0x80) && iscntrl(*pcin)) {
          

Edit the config.parse.c file (vi +356 src/config.parse.c) and change the line:
          rewind(fpout);
          
To read:
          else {
          rewind(fpin);
          }
          

Edit the config.h file (vi +106 include/config.h) and change the lines:
          #define CONFIG_PATH     "/usr/local/bin/tw"
          #define DATABASE_PATH   "/var/tripwire"
          
To read:
          #define CONFIG_PATH     "/etc"
          #define DATABASE_PATH   "/var/spool/tripwire"
          

Edit the config.h file (vi +165 include/config.h) and change the line:
          #define TEMPFILE_TEMPLATE "/tmp/twzXXXXXX"
          
To read:
          #define TEMPFILE_TEMPLATE "/var/tmp/.twzXXXXXX"
          

Edit the config.pre.y file (vi +66 src/config.pre.y) and change the line:
          #ifdef TW_LINUX
          
To read:
          #ifdef TW_LINUX_UNDEF
          

Edit the Makefile (vi +13 Makefile) and change each of the following lines in turn:
          DESTDIR = /usr/local/bin/tw
          
To read:
          DESTDIR = /usr/sbin
          
          DATADIR = /var/tripwire
          
To read:
          DATADIR = /var/spool/tripwire
          
          LEX     = lex
          
To read:
          LEX     = flex
          
          CC=gcc
          
To read:
          CC=egcs
          
          CFLAGS = -O
          
To read:
          CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions
          

          [root@deep ]/tw_ASR_1.3.1_src# make
          [root@deep ]/tw_ASR_1.3.1_src# make install
            
          [root@deep ]/tw_ASR_1.3.1_src# chmod 700  /var/spool/tripwire/
          [root@deep ]/tw_ASR_1.3.1_src# chmod 500 /usr/sbin/tripwire
          [root@deep ]/tw_ASR_1.3.1_src# chmod 500 /usr/sbin/siggen
          [root@deep ]/tw_ASR_1.3.1_src# rm -f  /usr/sbin/tw.config
          

  • The above commands make and make install will configure the software to ensure your system has the necessary functionality and libraries to successfully compile the package, compile all source files into executable binaries, and then install the binaries and any supporting files into the appropriate locations.

  • The chmod command will change the default mode of the Tripwire directory to 700 (drwx------), readable, writable, and executable only by the super-user root. It will make the binary /usr/sbin/tripwire readable and executable only by the super-user root (-r-x------), and finally make the siggen program under the /usr/sbin directory executable and readable only by root.

  • The rm command as used above will remove the file tw.config under /usr/sbin. We don't need this file since we will create a new one under the /etc directory later.

Clean up afterwards:
          [root@deep] /# cd /var/tmp
          [root@deep ]/tmp# rm -rf tw_ASR_version/ Tripwire-version.tar.gz
          
The rm command as used above will remove all the source files we have used to compile and install Tripwire. It will also remove the Tripwire compressed archive from the /var/tmp directory.

 
 
Published under the terms of the Open Publication License