Installing Tripwire - Security

This is a discussion on Installing Tripwire - Security ; Hi, Is anyone having major problems installing tripwire? I've tried installing the rpm and all instructions say run "twinstall.sh" which doesn't seem to exist in my version. I've tried building it from the source on sourceforge, which worked fine but ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Installing Tripwire

  1. Installing Tripwire

    Hi,

    Is anyone having major problems installing tripwire?

    I've tried installing the rpm and all instructions say run
    "twinstall.sh" which doesn't seem to exist in my version.

    I've tried building it from the source on sourceforge, which worked
    fine but the installation instructions is just a header and then the
    README file stops, like they got bored of writing instructions.

    What happens next?
    OK man pages:

    So I guess I have to run it in "databse initialisation mode"

    >tripwire -m i

    ### Error: File could not be opened.
    ### Filename: /etc/tripwire/tw.cfg
    ### No such file or directory
    ### Configuration file could not be read.
    ### Exiting...

    OK, so rename twcfg.txt tw.cfg
    > tripwire -m i

    ### Error: Invalid input stream format.
    ###
    ### File: /etc/tripwire/tw.cfg
    ### Configuration file could not be read.
    ### Exiting...

    Is there any documentation on this???!!!!! The readme file is
    appalling, and there appears to be no website other than the
    sourceforge one which just hosts the files.

    I can't find a copy of the missing twinstall script anywhere on the
    web.

    What am I supposed to do?

    Any help would be much appreciated.!!


  2. Re: Installing Tripwire

    hi,

    its easy just make a directory name cd /etc/triwpire and run the
    command ./twinstall.sh

    markvanrossum@gmail.com wrote:
    > Hi,
    >
    > Is anyone having major problems installing tripwire?
    >
    > I've tried installing the rpm and all instructions say run
    > "twinstall.sh" which doesn't seem to exist in my version.
    >
    > I've tried building it from the source on sourceforge, which worked
    > fine but the installation instructions is just a header and then the
    > README file stops, like they got bored of writing instructions.
    >
    > What happens next?
    > OK man pages:
    >
    > So I guess I have to run it in "databse initialisation mode"
    >
    > >tripwire -m i

    > ### Error: File could not be opened.
    > ### Filename: /etc/tripwire/tw.cfg
    > ### No such file or directory
    > ### Configuration file could not be read.
    > ### Exiting...
    >
    > OK, so rename twcfg.txt tw.cfg
    > > tripwire -m i

    > ### Error: Invalid input stream format.
    > ###
    > ### File: /etc/tripwire/tw.cfg
    > ### Configuration file could not be read.
    > ### Exiting...
    >
    > Is there any documentation on this???!!!!! The readme file is
    > appalling, and there appears to be no website other than the
    > sourceforge one which just hosts the files.
    >
    > I can't find a copy of the missing twinstall script anywhere on the
    > web.
    >
    > What am I supposed to do?
    >
    > Any help would be much appreciated.!!



  3. Re: Installing Tripwire

    Umm, yeah. As I said above, that's my problem.

    Neither the rpm or nor the source code includes a file called
    twinstall.sh

    I've just found in the source/contrib there is a file called install.sh
    which just gives the error:
    "Error: configuration parameter $TWPOLICY undefined."

    Anyone got any bright ideas?


    ranjithno1@gmail.com wrote:
    > hi,
    >
    > its easy just make a directory name cd /etc/triwpire and run the
    > command ./twinstall.sh
    >
    > markvanrossum@gmail.com wrote:
    > > Hi,
    > >
    > > Is anyone having major problems installing tripwire?
    > >
    > > I've tried installing the rpm and all instructions say run
    > > "twinstall.sh" which doesn't seem to exist in my version.
    > >
    > > I've tried building it from the source on sourceforge, which worked
    > > fine but the installation instructions is just a header and then the
    > > README file stops, like they got bored of writing instructions.
    > >
    > > What happens next?
    > > OK man pages:
    > >
    > > So I guess I have to run it in "databse initialisation mode"
    > >
    > > >tripwire -m i

    > > ### Error: File could not be opened.
    > > ### Filename: /etc/tripwire/tw.cfg
    > > ### No such file or directory
    > > ### Configuration file could not be read.
    > > ### Exiting...
    > >
    > > OK, so rename twcfg.txt tw.cfg
    > > > tripwire -m i

    > > ### Error: Invalid input stream format.
    > > ###
    > > ### File: /etc/tripwire/tw.cfg
    > > ### Configuration file could not be read.
    > > ### Exiting...
    > >
    > > Is there any documentation on this???!!!!! The readme file is
    > > appalling, and there appears to be no website other than the
    > > sourceforge one which just hosts the files.
    > >
    > > I can't find a copy of the missing twinstall script anywhere on the
    > > web.
    > >
    > > What am I supposed to do?
    > >
    > > Any help would be much appreciated.!!



  4. Re: Installing Tripwire

    markvanrossum@gmail.com wrote:
    > Umm, yeah. As I said above, that's my problem.
    >
    > Neither the rpm or nor the source code includes a file called
    > twinstall.sh
    >
    > I've just found in the source/contrib there is a file called install.sh
    > which just gives the error:
    > "Error: configuration parameter $TWPOLICY undefined."


    >>>
    >>> What am I supposed to do?
    >>>
    >>> Any help would be much appreciated.!!


    $TWPOLICY must somehow direct to the file containing your policy,
    something such as "/etc/tripwire/twpol.txt".

    You did first try to `find` twinstall.sh ? For example, as root;

    find / -name twinstall.sh

    For example, my system (a old pentium 120Mhz Rh7.2 linux router/web) gives;

    [root@chouette gaetan]# find / -name twinstall.sh
    find: /proc/850/fd: No such file or directory
    /etc/tripwire/twinstall.sh
    [root@chouette gaetan]#

    You then run the setup as below, (after configuring
    /etc/tripwire/twcfg.txt and /etc/tripwire/twpol.txt to your needs)

    There is some good information on how to set up tripwire at;
    http://www.yolinux.com/TUTORIALS/Lin....html#TRIPWIRE

    My 2 cents advice; after setup, have your system periodically do the job
    for you and mail the results to your email adress (I make it do it on a
    daily basis at 03h00) (through crontab). Check these mail messages
    periodically and delete the read ones.

    Good luck
    Gaetan

    [root@chouette root ] cd /etc/tripwire
    [root@chouette tripwire]# ./twinstall.sh

    ----------------------------------------------
    The Tripwire site and local passphrases are used to
    sign a variety of files, such as the configuration,
    policy, and database files.

    Passphrases should be at least 8 characters in length
    and contain both letters and numbers.

    See the Tripwire manual for more information.

    ----------------------------------------------
    Creating key files...

    (When selecting a passphrase, keep in mind that good passphrases typically
    have upper and lower case letters, digits and punctuation marks, and are
    at least 8 characters in length.)

    Enter the site keyfile passphrase:
    Verify the site keyfile passphrase:
    Generating key (this may take several minutes)...
    ....Key generation complete.

    ----------------------------------------------
    Signing configuration file...
    Please enter your site passphrase:
    Wrote configuration file: /etc/tripwire/tw.cfg

    A clear-text version of the Tripwire configuration file
    /etc/tripwire/twcfg.txt
    has been preserved for your inspection. It is recommended
    that you delete this file manually after you have examined it.


    ----------------------------------------------
    Signing policy file...
    Please enter your site passphrase:
    Wrote policy file: /etc/tripwire/tw.pol

    A clear-text version of the Tripwire policy file
    /etc/tripwire/twpol.txt
    has been preserved for your inspection. This implements
    a minimal policy, intended only to test essential
    Tripwire functionality. You should edit the policy file
    to describe your system, and then use twadmin to generate
    a new signed copy of the Tripwire policy.

    [root@chouette tripwire]# rm /etc/tripwire/twcfg.txt /etc/tripwire/twpol.txt
    rm: remove `/etc/tripwire/twcfg.txt'? y
    rm: remove `/etc/tripwire/twpol.txt'? y
    [root@chouette tripwire]# /usr/sbin/tripwire --init
    Please enter your local passphrase:
    Parsing policy file: /etc/tripwire/tw.pol
    Generating the database...
    *** Processing Unix File System ***
    Wrote database file: /var/lib/tripwire/chouette.twd
    The database was successfully generated.
    [root@chouette tripwire]#

  5. Re: Installing Tripwire

    I was running "locate", your find command didn't return anything
    either. EVERYTHING I have read says run this flipping file!

    And there are no instructions in the source on how to install it.

    Is there anywhere I can get an old copy of tripwire that is complete?
    Surely everyone else who is downloading the version on sourceforge is
    having this same problem?


  6. Re: Installing Tripwire

    markvr wrote:
    > I was running "locate", your find command didn't return anything
    > either. EVERYTHING I have read says run this flipping file!
    >
    > And there are no instructions in the source on how to install it.
    >
    > Is there anywhere I can get an old copy of tripwire that is complete?
    > Surely everyone else who is downloading the version on sourceforge is
    > having this same problem?
    >

    No instruction on the source on how to install ? Well-well. I don't know
    too much about your linux distribution but usually this package is
    available for installation in quite every distribution. Downloading the
    latest copy and installing from it is yet another way. For example;

    prompt$ ls
    tripwire-2.4.0.1-src.bz2
    prompt$ bunzip2 tripwire-2.4.0.1-src.bz2
    prompt$ ls
    tripwire-2.4.0.1-src.tar
    prompt$ tar xf tripwire-2.4.0.1-src.tar
    prompt$ cd tripwire-2.4.0.1

    At this point, you unpacked the file. Then look into INSTALL (The file
    is short). Then one may run (as root)

    prompt$ ./configure --prefix=/etc/tripwire
    prompt$ make

    What do you have at this point ?

    Gaetan


  7. Re: Installing Tripwire

    Gaétan Martineau wrote:
    > markvr wrote:
    >> I was running "locate", your find command didn't return anything
    >> either. EVERYTHING I have read says run this flipping file!
    >>
    >> And there are no instructions in the source on how to install it.
    >>
    >> Is there anywhere I can get an old copy of tripwire that is complete?
    >> Surely everyone else who is downloading the version on sourceforge is
    >> having this same problem?
    >>

    > No instruction on the source on how to install ? Well-well. I don't know
    > too much about your linux distribution but usually this package is
    > available for installation in quite every distribution. Downloading the
    > latest copy and installing from it is yet another way. For example;
    >
    > prompt$ ls
    > tripwire-2.4.0.1-src.bz2
    > prompt$ bunzip2 tripwire-2.4.0.1-src.bz2
    > prompt$ ls
    > tripwire-2.4.0.1-src.tar
    > prompt$ tar xf tripwire-2.4.0.1-src.tar
    > prompt$ cd tripwire-2.4.0.1
    >
    > At this point, you unpacked the file. Then look into INSTALL (The file
    > is short). Then one may run (as root)
    >
    > prompt$ ./configure --prefix=/etc/tripwire
    > prompt$ make
    >
    > What do you have at this point ?
    >
    > Gaetan
    >


    Oops. The downloaded file is named tripwire-2.4.0.1-src.tar.bz2 (not
    tripwire-2.4.0.1-src.bz2)

    Gaetan

  8. Re: Installing Tripwire

    This is the *entire* instructions on building and installing it from
    the source (ie the INSTALL file in the source tarball). It does just
    stop there!!:

    "Building from source
    ====================

    ./configure --prefix=/path/to/install
    make

    If you want statically linked binaries, throw the --enable-static for
    configure. Note that statically linked binaries are not possible on all
    platforms.

    Once the compile is finished, you'll find binaries in the bin/
    directory.


    Installation
    ============
    "

    Problem is solved though. The file install.sh hsa been renamed
    "tripwire-setup-keyfiles.sh" and trial and error has got me most of the
    rest of the way.

    I still maintain that the documentation is appalling.


  9. Re: Installing Tripwire

    Can you share how to install this with the rest of us? There is no
    documentation anywhere and this install is so far from intuitive or
    normal that I am totally at a loss.


+ Reply to Thread