Difference between revisions of "Tripwire"

From OnnoWiki
Revision as of 07:27, 25 January 2011

Tripwire's logic is to build a baseline database of the files on the system. If one of those files later changes, tripwire records the change or notifies the administrator.

Installing tripwire

Installation

apt-get install tripwire

enter the passphrases when prompted

Enter site key passphrase
Enter local key passphrase

Make sure the tripwire configuration is secured and readable by root only.

cd /etc/tripwire
chmod 0600 tw.cfg tw.pol

Edit Policy

edit the policy (the plain-text policy file)

vi /etc/tripwire/twpol.txt

encrypt (sign) the policy into the binary tw.pol

cd /etc/tripwire
twadmin --create-polfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twpol.txt


Edit Configuration

edit the configuration (the plain-text configuration file)

vi /etc/tripwire/twcfg.txt

encrypt (sign) the configuration into the binary tw.cfg

cd /etc/tripwire
twadmin --create-cfgfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twcfg.txt


Initialize the Database

Initialize the baseline database

tripwire --init --cfgfile /etc/tripwire/tw.cfg \
--polfile /etc/tripwire/tw.pol --site-keyfile /etc/tripwire/site.key \
--local-keyfile /etc/tripwire/HOSTNAME-local.key

or, if your HOSTNAME is ubuntu:

tripwire --init --cfgfile /etc/tripwire/tw.cfg \
--polfile /etc/tripwire/tw.pol --site-keyfile /etc/tripwire/site.key \
--local-keyfile /etc/tripwire/ubuntu-local.key

This takes a while because tripwire scans the entire hard disk.


Check System

To check whether any files have changed, run

tripwire --check

For a server that runs 24/7 we can run this check from cron and e-mail the result to the administrator.
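The cron-and-e-mail step above, as an added example that is not part of the original page and not tripwire's own code: a wrapper around tripwire --check that mails the report to the administrator only when the check found violations. It assumes a recipient address in ADMIN_MAIL and the mail(1) command (neither is on the page); the sample report at the bottom is constructed so the parsing functions can be exercised on a machine without tripwire installed.

```shell
#!/bin/sh
# Added example for this wiki page (not tripwire's own code and not from the
# page): a cron wrapper around "tripwire --check" that mails the report to the
# administrator only when the check found violations.
# Assumptions (not on the page): the recipient in ADMIN_MAIL and the use of
# the mail(1) command; both can be overridden from the environment.

ADMIN_MAIL="${ADMIN_MAIL:-root@localhost}"   # assumed recipient

# Print the violation count from a plain-text tripwire report (the text that
# "tripwire --check" writes to stdout).  Prints 0 when the summary line is
# absent, e.g. when tripwire aborted before producing a report.
report_violations() {
    awk '/^Total violations found:/ { n = $4 } END { print (n == "" ? 0 : n) }' "$1"
}

# Print only the rule-summary lines that tripwire flags with "*" (rules with at
# least one added, removed or modified object), so the mail stays short.
violated_rules() {
    grep '^\*' "$1" || true
}

# Run the integrity check, keep the text report in a temp file, and mail it
# when something changed.  Returns 0 when nothing changed, 1 otherwise.
run_check_and_mail() {
    tmp=$(mktemp) || return 1
    # tripwire's own exit status is ignored here; the report text is authoritative
    tripwire --check > "$tmp" 2>&1
    violations=$(report_violations "$tmp")
    if [ "$violations" -gt 0 ]; then
        {
            echo "Tripwire found $violations violation(s) on $(hostname):"
            echo
            violated_rules "$tmp"
            echo
            echo "Full report follows; the matching .twr file is in /var/lib/tripwire/report."
            echo
            cat "$tmp"
        } | mail -s "tripwire: $violations violation(s) on $(hostname)" "$ADMIN_MAIL"
    fi
    rm -f "$tmp"
    [ "$violations" -eq 0 ]
}

# Constructed sample: a cut-down tripwire text report used to exercise the
# parsing functions on a machine without tripwire installed.
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
Tripwire(R) Integrity Check Report (constructed sample, not real output)

===============================================================================
Rule Summary:
===============================================================================

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
* Tripwire Data Files             100               1        0        0
* Other binaries                  66                0        0        1
  Critical system boot files      100               0        0        0

Total objects scanned:  22589
Total violations found:  2
EOF

# Only perform the real check when invoked as "script run" (e.g. from cron);
# sourcing the file just defines the functions and the sample.
if [ "${1:-}" = "run" ]; then
    run_check_and_mail
fi
```

Install the script somewhere only root can write to and call it from cron with the argument run, for example from a root crontab entry such as 0 3 * * * /usr/local/sbin/tripwire-check.sh run. Tripwire can also deliver reports itself: tripwire --check --email-report sends each violated rule's report to the emailto addresses set in the policy file, using the MAILMETHOD settings from twcfg.txt; the wrapper is for the case where you want a single summary mail regardless of how the policy is written.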

Update policy

If we update the policy, for example by adding or removing folders to be scanned, we can run

tripwire --update-policy --cfgfile ./tw.cfg --polfile ./tw.pol \
--site-keyfile ./site.key --local-keyfile ./HOSTNAME-local.key ./twpol.txt

or, if the HOSTNAME in use is ubuntu:

tripwire --update-policy --cfgfile ./tw.cfg --polfile ./tw.pol \
--site-keyfile ./site.key --local-keyfile ./ubuntu-local.key ./twpol.txt

Regular Updates

You will also need to do regular updates to keep your database current with your file system. Run the checks and examine the report before making updates. Perform updates regularly (on a schedule you determine) and also after making any major changes to the file system layout.

[root@home /etc/tripwire]# tripwire --update -Z low

This command will compare your database against your current file system and then launch an editor so that you can choose to make changes to your database.


If you try this command but get an error message about a missing report file, the reason is most likely that the last check was not run immediately prior to the update. The report file in the /var/lib/tripwire/report directory is named by hostname, then date (yyyymmdd) then time. If you have recently run a check and want the update to proceed using your most recent report file, then use the -r option and provide the report filename that you want the update to use.

[root@home /etc/tripwire]# tripwire --update -Z low --twrfile host-yyyymmdd-tttttt.twr
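The missing-report situation above, as an added example that is not part of the original page and not tripwire's own code: a helper that picks the newest report for this host by the date and time embedded in the file name and passes it to tripwire --update with --twrfile. It assumes the report directory /var/lib/tripwire/report and the HOST-yyyymmdd-tttttt.twr naming, both stated on the page; the sample directory at the bottom is constructed so the selection logic can run without tripwire installed.

```shell
#!/bin/sh
# Added example for this wiki page (not tripwire's own code and not from the
# page): select the newest report for this host and pass it to
# "tripwire --update", which avoids the missing-report error when the last
# check was not run immediately before the update.
# Assumption: reports live in /var/lib/tripwire/report and are named
# HOST-yyyymmdd-tttttt.twr, as the page states.

REPORT_DIR="${REPORT_DIR:-/var/lib/tripwire/report}"

# Print the newest report file name for HOST in DIR, ordered by the date and
# time embedded in the name rather than by mtime (a copy or restore can change
# mtime; the embedded timestamp is what tripwire wrote).  Prints nothing and
# returns 1 when the host has no report yet.  HOST is used literally inside a
# basic regular expression, so keep it to plain hostname characters.
latest_report() {
    dir=$1
    host=$2
    newest=$(ls "$dir" 2>/dev/null \
        | grep "^$host-[0-9]\{8\}-[0-9]\{6\}\.twr$" \
        | sort | tail -n 1)
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Run the database update against the newest report for this machine,
# in secure-mode low as on the page.
update_from_latest() {
    host=$(hostname)
    rpt=$(latest_report "$REPORT_DIR" "$host") || {
        echo "no report for $host in $REPORT_DIR; run 'tripwire --check' first" >&2
        return 1
    }
    echo "using report $rpt"
    tripwire --update -Z low --twrfile "$REPORT_DIR/$rpt"
}

# Constructed sample directory: empty files with realistic names, so
# latest_report can be exercised without tripwire installed.
SAMPLE_DIR=$(mktemp -d)
for f in ubuntu-20110124-120000.twr ubuntu-20110125-072700.twr \
         ubuntu-20110125-072700.twr.bak other-20110126-000000.twr; do
    : > "$SAMPLE_DIR/$f"
done

# Only perform the real update when invoked as "script run".
if [ "${1:-}" = "run" ]; then
    update_from_latest
fi
```

Because the update is interactive (tripwire opens an editor for the accepted changes), run this from a root shell rather than from cron; the point of the helper is only to make sure the report handed to --twrfile is the one from the most recent check for this host, not a stale or foreign one.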


Local Manual

/usr/share/doc/tripwire/README.Debian

References

Interesting Links