4.2 KiB
How to Install Tripwire IDS (Intrusion Detection System) on Linux
Tripwire is a popular Linux Intrusion Detection System (IDS) that runs on systems in order to detect if unauthorized filesystem changes occurred over time.
In CentOS and RHEL distributions, tripwire is not a part of official repositories. However, the tripwire package can be installed via Epel repositories.
To begin, first install Epel repositories in CentOS and RHEL system, by issuing the below command.
# yum install epel-release
After you’ve installed Epel repositories, make sure you update the system with the following command.
# yum update
After the update process finishes, install Tripwire IDS software by executing the below command.
# yum install tripwire
Fortunately, tripwire is a part of Ubuntu and Debian default repositories and can be installed with following commands.
$ sudo apt update
$ sudo apt install tripwire
On Ubuntu and Debian, the tripwire installation will be asked to choose and confirm a site key and local key passphrase. These keys are used by tripwire to secure its configuration files.
Create Tripwire Site and Local Key
On CentOS and RHEL, you need to create tripwire keys with the below command and supply a passphrase for site key and local key.
# tripwire-setup-keyfiles
Create Tripwire Keys
In order to validate your system, you need to initialize Tripwire database with the following command. Due to the fact that the database hasn’t been initialized yet, tripwire will display a lot of false-positive warnings.
# tripwire --init
Initialize Tripwire Database
Finally, generate a tripwire system report in order to check the configurations by issuing the below command. Use --help switch to list all tripwire check command options.
# tripwire --check --help
# tripwire --check
After tripwire check command completes, review the report by opening the file with the extension .twr from /var/lib/tripwire/report/ directory with your favorite text editor command, but before that you need to convert to text file.
# twprint --print-report --twrfile /var/lib/tripwire/report/tecmint-20170727-235255.twr > report.txt
# vi report.txt
Tripwire System Report
That’s It! you have successfully installed Tripwire on Linux server. I hope you can now easily configure your Tripwire IDS.
作者简介:
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.
via: https://www.tecmint.com/install-tripwire-ids-intrusion-detection-system-on-linux/
作者: Matei Cezar 译者:译者ID 校对:校对者ID