README: Install tripwire on AIX


 
# 1  
Old 05-20-2010

We had a SAS70 audit at our site a few months back and part of the end result was that I had to install tripwire to monitor our application binaries. We were able to compile tripwire for our AIX 5.3 server but after a few months I was asked to install it on other systems. I could have and did just copy the binaries over from the original build.

I also searched for tripwire binaries for AIX but found nothing and found other folks that were looking as well. I just posted this in hopes it would help someone else out.

I found a site that seemed to have everything but tripwire compiled for AIX. I asked the owner of the site if he had considered compiling tripwire for AIX and he said no but would at my request. Below is the link for the download.

http://www.perzl.org/aix/index.php?n=Main.Tripwire

I am running AIX 5.3TL06

RPM packages that I installed.

Code:
root@foobar:/dump/tripwire$rpm -Uvh openssl-0.9.8n-1.aix5.1.ppc.rpm
warning: /var/ssl/openssl.cnf saved as /var/ssl/openssl.cnf.rpmsave
openssl                     ################################################## 
root@foobar:/dump/tripwire$rpm -Uvh libgcc-4.2.4-2.aix5.3.ppc.rpm
libgcc                      ##################################################
root@foobar:/dump/tripwire$rpm -Uvh libstdc++-4.2.4-2.aix5.3.ppc.rpm
libstdc++                   ##################################################
root@foobar:/dump/tripwire$rpm -Uvh tripwire-2.4.2-1.aix5.1.ppc.rpm
tripwire                    ##################################################

Be careful with the openssl package. When I installed it I had a problem with scp afterwards. I was running an older version of ssh and openssl so I had to upgrade my ssh version to 5.2 and install the required level of openssl. Just wanted to make you aware of the issues I ran into so you can hopefully avoid them.

Primary files created by installing the packages above.

Code:
root@foobar:/opt/freeware/sbin$ls
siggen                   tripwire-check           twadmin
tripwire                 tripwire-setup-keyfiles  twprint

There are sample twconfig or twpolicy files included with this install package to start from in /etc/tripwire. There are also man pages that might help you adjust these config files to your liking and they are installed in /opt/freeware/man. I have attached my copies for examples as well.

Once you get the twcfg.txt and twpol.txt files created move on to the next step.

I created a directory where I wanted the key files, database files and policy files stored and changed to that directory before starting this process. There is one file location that seems to be hardcoded into the tripwire executable. We will need to create a symbolic link to resolve this and I will address that in a bit.

Create a site key file. Place single quotes around the passphrase as shown if it has spaces.

I used my hostname in my site key name but you can use whatever you want to put in place of the hostname in the next two examples. Not sure of the restrictions on this.

Code:
root@foobar:/usr/local/tripwire$twadmin --generate-keys --site-keyfile foobar-site.key --site-passphrase 'make up some phrase to put in here'
Generating key (this may take several minutes)...Key generation complete.

Create a local key file. Place single quotes around the passphrase as shown if it has spaces.

Code:
root@foobar:/usr/local/tripwire$twadmin --generate-keys --local-keyfile foobar-local.key --local-passphrase 'make up some phrase to put in here'
Generating key (this may take several minutes)...Key generation complete.

The next two steps will create an encrypted version of the policy and config text files that you created in an earlier step. Pay attention to the “Please enter your site/local passphrase:” questions here. It is asking you to enter the passphrase that you set up in an earlier step. Basically you are entering the password you set up.

Code:
root@foobar:/usr/local/tripwire$twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile foobar-site.key twcfg.txt
Please enter your site passphrase:
Wrote configuration file: /usr/local/tripwire/tw.cfg
 
root@foobar:/usr/local/tripwire$twadmin --create-polfile --cfgfile tw.cfg --polfile tw.pol --site-keyfile foobar-site.key twpol.txt
Please enter your site passphrase:
Wrote policy file: /usr/local/tripwire/tw.pol

List of resulting files after the key creation and encrypted policy and config files.

Code:
root@foobar:/usr/local/tripwire$ls
foobar-local.key      tw.pol          twcfg.txt
foobar-site.key      tw.cfg            twpol.txt

The next step is the init step to initialize the tripwire database. This is where we need to create a symbolic link for the tw.cfg file. It appears the tripwire executable expects the tw.cfg file to be located in /etc/tripwire. So I created a soft link to resolve this issue or you can just move the file over there if you prefer.

Code:
ln -s /usr/local/tripwire/tw.cfg /etc/tripwire/tw.cfg
root@foobar:/usr/local/tripwire$ls -al /etc/tripwire/tw.cfg
lrwxrwxrwx    1 root     system           26 May 19 18:48 /etc/tripwire/tw.cfg -> /usr/local/tripwire/tw.cfg

Code:
root@foobar:/usr/local/tripwire$tripwire --init --cfgfile tw.cfg --polfile tw.pol --site-keyfile foobar-site.key --local-keyfile foobar-local.key
Please enter your local passphrase:
Parsing policy file: /usr/local/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
### Warning: File system error.
### Filename: /usr/local/tripwire/report
### A file or directory in the path name does not exist.
### Continuing...
Wrote database file: /usr/local/tripwire/fss1.twd
The database was successfully generated.

I left the Warning message above just as an example. I failed to create the report directory that I specified in my twpol.txt file.

Code:
TWREPORT= "/usr/local/tripwire/report";

After creating the directory and rerunning the init step all was good.

You can now run the command to check your system for the first time. You can set this up afterward in a script or as a cron job to get daily or weekly results of changes made to the system.


Code:
root@foobar:/usr/local/tripwire$tripwire --check
Parsing policy file: /usr/local/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /usr/local/tripwire/report/fss1-20100519-202145.twr
 
 
Open Source Tripwire(R) 2.4.1 Integrity Check Report
 
Report generated by:          root
Report created on:            Wed May 19 20:21:45 CDT 2010
Database last updated on:     Never
 
===============================================================================
Report Summary:
===============================================================================
Just more report stuff **********
 
===============================================================================
Error Report:
===============================================================================
 
No Errors
 
-------------------------------------------------------------------------------
*** End of report ***
 
Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.


You can scroll up to see the report or run the following command against the report name it gave you in the output to review it. Or just list the contents of the /usr/local/tripwire/report directory to list all reports. I would expect you to only see one at this point.

The report name format listed below is specified in the policy file that you created early in this process.

Code:
root@foobar:/usr/local/tripwire$twprint --print-report --cfgfile /usr/local/tripwire/tw.cfg --twrfile foobar-20100519-183235.twr


I really stink at writing this kind of stuff up but I hope that if you have wanted to install tripwire on your system and were like me and can never seem to compile anything and make it work that you can get something out of this info.

I thought it best to include real examples but if these are confusing to you then the link below should also help.

http://www.linuxjournal.com/article/8758?page=0,1

Last edited by juredd1; 06-10-2010 at 02:19 PM.. Reason: Corrections
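
Added example, not part of juredd1's post: a wrapper for the cron job the post mentions, which first checks for the two setup problems the post ran into (the /etc/tripwire/tw.cfg link and the report directory) and then turns the `tripwire --check` exit status into a one-line summary. The paths are the post's; the function names, the `--run` switch and the script location in the crontab comment are assumptions, and the exit-status bit mask is the one described in the tripwire(8) man page, so confirm it against your build.

```shell
#!/bin/sh
# Added example: cron wrapper for the setup described in the post.
# Function names and the --run switch are made up for this example.
TWDIR=${TWDIR:-/usr/local/tripwire}
TWBIN=${TWBIN:-/opt/freeware/sbin/tripwire}
TWCFG=${TWCFG:-/etc/tripwire/tw.cfg}

# Catch the setup problems from the post before running: the tw.cfg link
# under /etc/tripwire and the report directory. Prints what is missing.
tw_preflight() {
    missing=""
    [ -r "$TWCFG" ] || missing="$missing cfg:$TWCFG"
    [ -d "$TWDIR/report" ] || missing="$missing reportdir:$TWDIR/report"
    [ -x "$TWBIN" ] || missing="$missing binary:$TWBIN"
    echo "$missing" | sed 's/^ //'
    [ -z "$missing" ]
}

# Integrity-check exit status is a bit mask (per tripwire(8)):
# 1 = files added, 2 = removed, 4 = modified, 8 = error during the check.
tw_decode_status() {
    rc=$1; out=""
    [ $(( $rc & 1 )) -ne 0 ] && out="$out added"
    [ $(( $rc & 2 )) -ne 0 ] && out="$out removed"
    [ $(( $rc & 4 )) -ne 0 ] && out="$out modified"
    [ $(( $rc & 8 )) -ne 0 ] && out="$out error"
    [ -z "$out" ] && out=" clean"
    echo "${out# }"
}

# Run the check and print one summary line; cron mails whatever is printed.
tw_daily_check() {
    problems=$(tw_preflight) || { echo "tripwire preflight failed: $problems"; return 8; }
    rc=0
    "$TWBIN" --check --cfgfile "$TWCFG" >/dev/null 2>&1 || rc=$?
    echo "tripwire check on $(uname -n): $(tw_decode_status $rc) (exit $rc)"
    return $rc
}

# Example crontab entry (script path is an assumption):
# 0 2 * * * /usr/local/tripwire/twcheck.sh --run
if [ "${1:-}" = "--run" ]; then tw_daily_check; fi
```

The full report for any run that is not clean is still in the report directory and can be read with the `twprint --print-report` command shown in the post.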
# 2  
Old 05-21-2010
A good clear concise writeup, may prove useful - thanks.