18.1. Install, Compile and Optimize

Tripwire is a file and directory integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against system files on a regular basis, any changes in critical system files will be spotted -- and appropriate damage control measures can be taken immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain free of unauthorized modifications if Tripwire reports no changes.

These installation instructions assume:

These are the package(s) required and Tripwire Homepage:

http://www.tripwiresecurity.com/

You must be sure to download: Tripwire-1.3.1-1.tar.gz

You need to decompress the Tarballs, It is a good idea to make a list of files on the system before you install it, and one afterwards, and then compare them using diff to find out what file it placed where. Simply run find /* > Tripwire1 before and find /* > Tripwire2 after you install the tarball, and use diff Tripwire1 Tripwire2 > Tripwire-Installed to get a list of what changed.

          [root@deep] /# cp Tripwire-version.tar.gz /var/tmp
          [root@deep] /# cd /var/tmp
          [root@deep ]/tmp# tar xzpf Tripwire-version.tar.gz
          

Move into the new Tripwire directory and Edit the utils.c file (vi +462 src/utils.c) and change the line:


          else if (iscntrl(*pcin)) {
          
To read:

          else if (!(*pcin & 0x80) && iscntrl(*pcin)) {
          

Edit the config.parse.c file, vi +356 src/config.parse.c and change the line:

          rewind(fpout);
          
To read:

          else {
          rewind(fpin);
          }
          

Edit the config.h file, vi +106 include/config.h and change the line:

          #define CONFIG_PATH     "/usr/local/bin/tw"
          #define DATABASE_PATH   "/var/tripwire"
          
To read:

          #define CONFIG_PATH     "/etc"
          #define DATABASE_PATH   "/var/spool/tripwire"
          

Edit the config.h file, vi +165 include/config.h and change the line:

          #define TEMPFILE_TEMPLATE "/tmp/twzXXXXXX"
          
To read:

          #define TEMPFILE_TEMPLATE "/var/tmp/.twzXXXXXX"
          

Edit the config.pre.y file vi +66 src/config.pre.y and change the line:

          #ifdef TW_LINUX
          
To read:

          #ifdef TW_LINUX_UNDEF
          

Edit the Makefile, vi +13 Makefile and change the line:

          DESTDIR = /usr/local/bin/tw
          
To read:

          DESTDIR = /usr/sbin
          

          DATADIR = /var/tripwire
          
To read:

          DATADIR = /var/spool/tripwire
          

          LEX     = lex
          
To read:

          LEX     = flex
          

          CC=gcc
          
To read:

          CC=egcs
          

          CFLAGS = -O
          
To read:

          CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions
          


          [root@deep ]/tw_ASR_1.3.1_src# make
          [root@deep ]/tw_ASR_1.3.1_src# make install
            

          [root@deep ]/tw_ASR_1.3.1_src# chmod 700  /var/spool/tripwire/
          [root@deep ]/tw_ASR_1.3.1_src# chmod 500 /usr/sbin/tripwire
          [root@deep ]/tw_ASR_1.3.1_src# chmod 500 /usr/sbin/siggen
          [root@deep ]/tw_ASR_1.3.1_src# rm -f  /usr/sbin/tw.config
          

Do Cleanup later:

          [root@deep] /# cd /var/tmp
          [root@deep ]/tmp# rm -rf tw_ASR_version/ Tripwire-version.tar.gz
          
The rm command as used above will remove all the source files we have used to compile and install Tripwire. It will also remove the Tripwire compressed archive from the /var/tmp directory.