Tripwireは指定したファイルの情報をデータベースに保存して、ファイルが改竄されていないかどうかを確認するためのソフトウェアです。Tripwireは本来商用ソフトですが、開発元のTripwire, Inc.がオープンソースコミュニティへの協力しており、ソースファイルの配布が行われています。Linux版にはRPMも用意されています。
Tripwireの詳細は次のページを参照してください。
Tripwire Japan K.K.
http://www.tripwire.co.jp/
ここでは、Tripwireをすでにインストールしたとして最低限の設定について説明します。
Tripwireでは、設定ファイルやポリシーファイルで利用されるサイトキーファイルを暗号化するための「サイトパスフレーズ」、データベースファイルなどで利用されるローカルキーファイルを暗号化するための「ローカルパスフレーズ」が必要になります。各パスフレーズを設定するために、 /etc/tripwire/twinstall.sh を実行します。
# /etc/tripwire/twinstall.sh
———————————————-
The Tripwire site and local passphrases are used to
sign a variety of files, such as the configuration,
policy, and database files.
Passphrases should be at least 8 characters in length
and contain both letters and numbers.
See the Tripwire manual for more information.
———————————————-
Creating key files…
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the site keyfile passphrase: [サイトキーファイル用のパスフレーズを入力]
Verify the site keyfile passphrase: [パスフレーズを再入力]
Generating key (this may take several minutes)…Key generation complete.
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the local keyfile passphrase: [ローカルキーファイル用のパスフレーズを入力]
Verify the local keyfile passphrase: [パスフレーズを再入力]
Generating key (this may take several minutes)…Key generation complete.
———————————————-
Signing configuration file…
Please enter your site passphrase: [設定したサイトパスフレーズを入力]
Wrote configuration file: /etc/tripwire/tw.cfg
A clear-text version of the Tripwire configuration file
/etc/tripwire/twcfg.txt
has been preserved for your inspection. It is recommended
that you delete this file manually after you have examined it.
———————————————-
Signing policy file…
Please enter your site passphrase: [設定したサイトパスフレーズを入力]
Wrote policy file: /etc/tripwire/tw.pol
A clear-text version of the Tripwire policy file
/etc/tripwire/twpol.txt
has been preserved for your inspection. This implements
a minimal policy, intended only to test essential
Tripwire functionality. You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.
———————————————-
The Tripwire site and local passphrases are used to
sign a variety of files, such as the configuration,
policy, and database files.
Passphrases should be at least 8 characters in length
and contain both letters and numbers.
See the Tripwire manual for more information.
———————————————-
Creating key files…
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the site keyfile passphrase: [サイトキーファイル用のパスフレーズを入力]
Verify the site keyfile passphrase: [パスフレーズを再入力]
Generating key (this may take several minutes)…Key generation complete.
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the local keyfile passphrase: [ローカルキーファイル用のパスフレーズを入力]
Verify the local keyfile passphrase: [パスフレーズを再入力]
Generating key (this may take several minutes)…Key generation complete.
———————————————-
Signing configuration file…
Please enter your site passphrase: [設定したサイトパスフレーズを入力]
Wrote configuration file: /etc/tripwire/tw.cfg
A clear-text version of the Tripwire configuration file
/etc/tripwire/twcfg.txt
has been preserved for your inspection. It is recommended
that you delete this file manually after you have examined it.
———————————————-
Signing policy file…
Please enter your site passphrase: [設定したサイトパスフレーズを入力]
Wrote policy file: /etc/tripwire/tw.pol
A clear-text version of the Tripwire policy file
/etc/tripwire/twpol.txt
has been preserved for your inspection. This implements
a minimal policy, intended only to test essential
Tripwire functionality. You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.
設定が終わると、/etc/tripwireディレクトリに以下の2つのキーファイルが作成されます。
* ホスト名-local.key
* site.key