Installing Tripwire
Overview: Install Tripwire, a file tampering detection system.
1. Download the Tripwire source
# cd /tmp/work
# wget http://jaist.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.4.2-src.tar.bz2
Note: Check the download page [http://sourceforge.net/projects/tripwire/] for the URL of the latest version.

2. Install Tripwire
# tar jxvf tripwire-2.4.2-src.tar.bz2 ← extract tripwire
# cd tripwire-2.4.2-src ← move to the extracted tripwire directory
# ./configure --prefix=/usr/local/tripwire sysconfdir=/etc/tripwire && make && make install ← install tripwire
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
:
:
Installer program for:
Tripwire(R) 2.4 Open Source
Copyright (C) 1998-2000 Tripwire (R) Security Systems, Inc. Tripwire (R)
is a registered trademark of the Purdue Research Foundation and is
licensed exclusively to Tripwire (R) Security Systems, Inc.
LICENSE AGREEMENT for Tripwire(R) 2.4 Open Source
Please read the following license agreement. You must accept the
agreement to continue installing Tripwire.
Press ENTER to view the License Agreement. ← press ENTER
(press the SPACE key to page through the license text)
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
:
:
Please type "accept" to indicate your acceptance of this
license agreement. [do not accept] accept ← answer accept
Using configuration file ./install/install.cfg
Checking for programs specified in install configuration file....
/usr/sbin/sendmail -oi -t exists. Continuing installation.
/bin/vi exists. Continuing installation.
----------------------------------------------
Verifying existence of binaries...
./bin/siggen found
./bin/tripwire found
./bin/twprint found
./bin/twadmin found
This program will copy Tripwire files to the following directories:
TWBIN: /usr/local/tripwire/sbin
TWMAN: /usr/local/tripwire/man
TWPOLICY: /etc/tripwire
TWREPORT: /usr/local/tripwire/lib/tripwire/report
TWDB: /usr/local/tripwire/lib/tripwire
TWSITEKEYDIR: /etc/tripwire
TWLOCALKEYDIR: /etc/tripwire
CLOBBER is false.
Continue with installation? [y/n] y ← answer y
----------------------------------------------
Creating directories...
/usr/local/tripwire/sbin: already exists
/etc/tripwire: created
/usr/local/tripwire/lib/tripwire/report: created
/usr/local/tripwire/lib/tripwire: already exists
/etc/tripwire: already exists
/etc/tripwire: already exists
/usr/local/tripwire/man: created
/usr/local/tripwire/doc/tripwire: created
----------------------------------------------
Copying files...
/usr/local/tripwire/doc/tripwire/COPYING: copied
/usr/local/tripwire/doc/tripwire/TRADEMARK: copied
/usr/local/tripwire/doc/tripwire/policyguide.txt: copied
/etc/tripwire/twpol-Linux.txt: copied
----------------------------------------------
The Tripwire site and local passphrases are used to
sign a variety of files, such as the configuration,
policy, and database files.
Passphrases should be at least 8 characters in length
and contain both letters and numbers.
See the Tripwire manual for more information.
----------------------------------------------
Creating key files...
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the site keyfile passphrase: ← enter a site passphrase of your choice: sitepasswd
Verify the site keyfile passphrase: ← enter the site passphrase again (confirmation)
Generating key (this may take several minutes)...Key generation complete.
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the local keyfile passphrase: ← enter a local passphrase of your choice: localpasswd
Verify the local keyfile passphrase: ← enter the local passphrase again (confirmation)
Generating key (this may take several minutes)...Key generation complete.
----------------------------------------------
Generating Tripwire configuration file...
----------------------------------------------
Creating signed configuration file...
Please enter your site passphrase: ← enter the site passphrase
Wrote configuration file: /etc/tripwire/tw.cfg
A clear-text version of the Tripwire configuration file
/etc/tripwire/twcfg.txt
has been preserved for your inspection. It is recommended
that you delete this file manually after you have examined it.
----------------------------------------------
Customizing default policy file...
----------------------------------------------
Creating signed policy file...
Please enter your site passphrase: ← enter the site passphrase
Wrote policy file: /etc/tripwire/tw.pol
A clear-text version of the Tripwire policy file
/etc/tripwire/twpol.txt
has been preserved for your inspection. This implements
a minimal policy, intended only to test essential
Tripwire functionality. You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.
----------------------------------------------
The installation succeeded.
Please refer to
for release information and to the printed user documentation
for further instructions on using Tripwire 2.4 Open Source.
make[3]: ディレクトリ `/tmp/work/tripwire-2.4.2-src' から出ます
make[2]: ディレクトリ `/tmp/work/tripwire-2.4.2-src' から出ます
make[1]: ディレクトリ `/tmp/work/tripwire-2.4.2-src' から出ます
# cd ← move to root's home directory
# echo PATH=$PATH:/usr/local/tripwire/sbin >> .bashrc ← add the directory holding the tripwire executables to PATH
# . ./.bashrc ← source .bashrc to apply the change. Note the leading period.

3. Set the man path
# vi /etc/man.config
:
MANPATH /usr/local/tripwire/share/man ← add this as the last line.
# man tripwire ← confirm the man setting.

4. Tripwire configuration

5. Verify Tripwire
# tripwire -m c -s -c /etc/tripwire/tw.cfg ← run a Tripwire check
This takes some time.
# echo test > test.txt ← create a test file as a trial
# tripwire -m c -s -c /etc/tripwire/tw.cfg ← run the Tripwire check again
# rm -f test.txt ← delete the test file (cleanup)

6. Test mail delivery
# tripwire --test --email root@localhost ← example: the recipient is root@localhost
Check that the mail has arrived.

7. Configure scheduled automatic Tripwire runs
# vi tripwire.sh ← create the scheduled Tripwire run script
#!/bin/bash

PATH=/usr/sbin:/usr/bin:/bin:/usr/local/tripwire/sbin

# Passphrase setting
LOCALPASS=xxxxxxxx # local passphrase

# Work from the directory that holds tw.cfg; stop if it is missing
cd /etc/tripwire || exit 1

# Run the Tripwire check
tripwire -m c -s -c tw.cfg -M

# Update the database
tripwire -m u -s -c tw.cfg -a -P "$LOCALPASS"

Make the scheduled Tripwire run script executable
# chmod 700 tripwire.sh

Register it with cron
# vi /etc/cron.d/tripwire
0 5 * * * root /root/tripwire.sh ← to run every day at 5:00
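
The script above runs the database update with -a right after each check, so whatever the check flagged is accepted into the baseline. The following added example, which is not part of the original page, classifies the check result and leaves the baseline untouched when violations are reported. It assumes the check-mode exit-status bitmask documented in tripwire(8); the function names and the TRIPWIRE variable are hypothetical.

```bash
#!/bin/bash
# Added example, not part of the original page.
# Assumption: "tripwire -m c" exits with the bitmask documented in tripwire(8):
#   1 = file added, 2 = file removed, 4 = file modified, 8 = error during check.

# Turn a check-mode exit status into a readable list of what happened.
describe_status() {
    local status out
    status=$1
    out=""
    if [ $((status & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((status & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((status & 4)) -ne 0 ]; then out="$out modified"; fi
    if [ $((status & 8)) -ne 0 ]; then out="$out error"; fi
    if [ -z "$out" ]; then out=" clean"; fi
    echo "${out# }"
}

# Decide what the nightly job should do with the result:
#   ok     - nothing changed, the baseline stays as it is
#   review - violations found; keep the baseline and have an admin read the
#            report before running "tripwire -m u" by hand
#   failed - the check itself did not complete, so the result is not usable
next_action() {
    local status
    status=$1
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ $((status & 8)) -ne 0 ]; then
        echo failed
    else
        echo review
    fi
}

# Run the same check as the page's script and report the decision.
# TRIPWIRE is a hypothetical override so a stub can stand in for the binary.
nightly_check() {
    local status
    status=0
    "${TRIPWIRE:-tripwire}" -m c -s -c /etc/tripwire/tw.cfg -M || status=$?
    echo "tripwire check: $(describe_status "$status") -> $(next_action "$status")"
    [ "$status" -eq 0 ]
}

# Run only when asked to, e.g. "/root/tripwire-check.sh --run" from cron.
if [ "${1:-}" = "--run" ]; then nightly_check; fi
```

A non-zero exit from nightly_check lets cron or a monitoring wrapper treat "review" and "failed" runs as needing attention.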

8. Operating Tripwire

Last-modified: 2014-03-11 (Tue) 01:59:57 (3661d)