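Here we use Tripwire, an intrusion detection system (IDS), to build this. Once configured, Tripwire saves the state of system files to a database; when a file's state later changes, the change is detected. It is therefore best deployed immediately after installing the system or finishing the production environment setup.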
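The baseline-then-compare idea described above, as an added sketch that is not Tripwire's code and not from the original page. The HMAC key is an assumed stand-in for Tripwire's passphrase-protected signing of its database, and the file names are constructed sample data.

```python
import hashlib, hmac, json, os, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Record relative path -> [sha256, permission bits, size] for regular files under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            state[os.path.relpath(path, root)] = [digest, stat.S_IMODE(st.st_mode), st.st_size]
    return state

def seal(state, key):
    """Serialize the baseline with an HMAC tag so edits to the database itself are detectable."""
    body = json.dumps(state, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})

def unseal(blob, key):
    """Verify the tag before trusting the stored baseline."""
    doc = json.loads(blob)
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["tag"]):
        raise ValueError("baseline database failed integrity check")
    return json.loads(doc["body"])

def compare(baseline, current):
    """Report paths that were added, removed or modified since the baseline."""
    common = set(baseline) & set(current)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in common if baseline[p] != current[p])}

def demo():
    """Constructed sample tree: take a baseline, change the tree, report the differences."""
    key = b"constructed-demo-key"  # assumption: stand-in for the local passphrase
    with tempfile.TemporaryDirectory() as root:
        Path(root, "sshd_config").write_bytes(b"PermitRootLogin no\n")
        Path(root, "hosts").write_bytes(b"127.0.0.1 localhost\n")
        db = seal(snapshot(root), key)                                   # baseline after setup
        Path(root, "sshd_config").write_bytes(b"PermitRootLogin yes\n")  # content change
        os.remove(os.path.join(root, "hosts"))                           # deletion
        Path(root, "cron.sh").write_bytes(b"#!/bin/sh\n")                # new file
        return compare(unseal(db, key), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Sealing the baseline matters as much as taking it: a check against a database that anyone with write access can edit proves nothing.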
1. Installing Tripwire.
[root@centos ~]# yum -y install tripwire
[root@centos ~]# tripwire-setup-keyfiles # initial setup
----------------------------------------------
The Tripwire site and local passphrases are used to sign a variety of
files, such as the configuration, policy, and database files.
Passphrases should be at least 8 characters in length and contain both
letters and numbers.
See the Tripwire manual for more information.
----------------------------------------------
Creating key files...
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the site keyfile passphrase: # enter the keyfile passphrase
Verify the site keyfile passphrase: # enter the keyfile passphrase
Generating key (this may take several minutes)...Key generation complete.
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
Enter the local keyfile passphrase: # enter key