

tripwire

Tripwire installation script:

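#!/bin/bash
#vhuckaba 4June2013
#
# Installs Tripwire with yum, generates the site and local keys, signs the
# configuration and policy files, comments out policy entries for files that
# do not exist on this host, and builds the baseline database.
#
# Must be run as root: it writes to /etc/tripwire and /root.
# The key-generation steps are interactive; the operator types each
# passphrase twice when twadmin prompts for it.

readonly tw_dir=/etc/tripwire
readonly config_txt="${tw_dir}/twcfg.txt"
readonly policy_txt="${tw_dir}/twpol.txt"
readonly config_signed="${tw_dir}/twcfg.cfg"
readonly policy_signed="${tw_dir}/twpol.cfg"
readonly site_key="${tw_dir}/site.key"
readonly local_key="${tw_dir}/${HOSTNAME}-local.key"
readonly init_log=/root/twignorepre.txt
readonly missing_list=/root/twignore.txt

# Print a message on stderr and stop the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "This script must be run as root."

echo "Checking if Tripwire is already installed."
rpm -qa | grep tripwire

echo "If tripwire is already installed, you may need to remove it.  Hit Ctrl-C if it is installed and remove it."

echo "Installing pwgen as it is a requirement for the script."
yum install pwgen
command -v pwgen >/dev/null \
  || die "pwgen is not available; cannot generate the Tripwire passphrases."

# Generate the passphrases only after pwgen is known to be present. If pwgen
# is missing when they are generated, both variables are empty and an empty
# passphrase is piped into twadmin/tripwire below.
# NOTE(review): these flags give pwgen's default-length (8 character),
# lower-case + digit, pronounceable output. Consider `pwgen -s` and a longer
# length for keys that protect the integrity database.
site_pass=$(pwgen -A1 -n1) || die "pwgen failed to generate the site passphrase."
local_pass=$(pwgen -A1 -n1) || die "pwgen failed to generate the local passphrase."
[[ -n "$site_pass" && -n "$local_pass" ]] \
  || die "pwgen returned an empty passphrase."

echo "Install Tripwire via yum install, please answer yes to continue when prompted."
yum install tripwire
[[ -f "$policy_txt" && -f "$config_txt" ]] \
  || die "Tripwire text config files not found in ${tw_dir}; was the package installed?"

echo "Backing up Tripwire original config files."
cp -- "$policy_txt" "${policy_txt}.original" \
  && cp -- "$config_txt" "${config_txt}.original" \
  || die "Could not back up the original Tripwire config files."

# The passphrases are shown in clear text because the operator has to type
# them at the twadmin prompts. They will remain in terminal scrollback and in
# any session recording, so record them in the password store and clear the
# terminal afterwards.
echo "*******************************"
echo "Your site password is: $site_pass"
echo "*******************************"

echo "Generating keys for site, please have your site password ready $site_pass  you will need to enter it twice."

twadmin --generate-keys --site-keyfile "$site_key" \
  || die "Site key generation failed."

echo "*******************************"
echo "Your local password is: $local_pass"
echo "*******************************"

echo "Generating keys for local, please have your local password ready $local_pass  you will need to enter it twice."

twadmin --generate-keys --local-keyfile "$local_key" \
  || die "Local key generation failed."

# Passphrases are fed on stdin rather than as arguments so they do not show
# up in the process list.
echo "Creating encrypted config file."
printf '%s\n' "$site_pass" \
  | twadmin --create-cfgfile --cfgfile "$config_signed" \
      --site-keyfile "$site_key" "$config_txt" \
  || die "Could not create the signed configuration file."

echo "Encrypting Policy file."
printf '%s\n' "$site_pass" \
  | twadmin --create-polfile --cfgfile "$config_signed" \
      --polfile "$policy_signed" --site-keyfile "$site_key" "$policy_txt" \
  || die "Could not create the signed policy file."

# First pass: this init is run only to collect the "Filename:" lines Tripwire
# prints for policy entries it cannot find, so its exit status is not checked.
echo "Processing, please wait..."
printf '%s\n' "$local_pass" \
  | tripwire --init --cfgfile "$config_signed" --polfile "$policy_signed" \
      --site-keyfile "$site_key" --local-keyfile "$local_key" &> "$init_log"

echo "Finding and commenting out files not found on the system."
awk '/Filename/ {print $3}' "$init_log" > "$missing_list"
cat -- "$missing_list"

# Comment out a policy line only when its first field is exactly one of the
# reported paths. Substituting the path as an unanchored regex would also
# rewrite longer paths that merely contain it (a missing /bin/x would alter
# the /usr/bin/x entry) and would misread regex metacharacters in file names.
policy_tmp=$(mktemp "${policy_txt}.XXXXXX") \
  || die "Could not create a temporary policy file."
trap 'rm -f -- "$policy_tmp"' EXIT
awk -v list="$missing_list" '
  BEGIN {
    while ((getline path < list) > 0) {
      if (path != "") {
        missing[path] = 1
      }
    }
    close(list)
  }
  ($1 in missing) { print "#" $0; next }
  { print }
' "$policy_txt" > "$policy_tmp" || die "Could not rewrite ${policy_txt}."
# Copy the content back instead of moving the file so the original file's
# ownership and mode are kept.
cat -- "$policy_tmp" > "$policy_txt" || die "Could not update ${policy_txt}."
rm -f -- "$policy_tmp"
grep -F -f "$missing_list" -- "$policy_txt"

# This script signs to twcfg.cfg/twpol.cfg, so the default tw.pol and tw.cfg
# entries are commented out as well. sed -i writes nothing to stdout, so the
# result is displayed with a separate grep.
# shellcheck disable=SC2016 -- $(TWPOL) is literal policy-file text
sed -i \
  -e 's|\$(TWPOL)/tw\.pol|#$(TWPOL)/tw.pol|g' \
  -e 's|\$(TWPOL)/tw\.cfg|#$(TWPOL)/tw.cfg|g' \
  "$policy_txt"
grep -F -e 'tw.pol' -e 'tw.cfg' -- "$policy_txt"

echo "Encrypting config file after updates"
printf '%s\n' "$site_pass" \
  | twadmin --create-polfile --cfgfile "$config_signed" \
      --polfile "$policy_signed" --site-keyfile "$site_key" "$policy_txt" \
  || die "Could not re-create the signed policy file."

echo "Building final database, please wait.."
echo "Building DB please wait..."
printf '%s\n' "$local_pass" \
  | tripwire --init --cfgfile "$config_signed" --polfile "$policy_signed" \
      --site-keyfile "$site_key" --local-keyfile "$local_key" \
  || die "Tripwire database initialisation failed; the passphrases shown above still belong to the generated keys."

# NOTE(review): the plain-text twpol.txt / twcfg.txt and their .original
# copies are left in /etc/tripwire. They describe exactly what is and is not
# monitored; once the signed files are verified, remove them or move them off
# the host.
echo "Congratulations Tripwire has installed Sucessfully."
echo "Please place this in the password notes in CORE!"
echo "Tripwire: site password: $site_pass"
echo "Tripwire: local password: $local_pass"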