====== Ubuntu - Tripwire - Install Tripwire ======

<code bash>
sudo apt-get update
sudo apt-get install tripwire
</code>

The installation will run through quite a bit of configuration of the packages that are required. First, it will configure the mail application that is being pulled in as a dependency. If you want to configure email notifications, select **"internet site"**.

It will ask whether you want to select passphrases during installation. Select **"yes"** to both of these prompts.

It will ask if it can rebuild the configuration file. Select **"yes"**. It will ask a similar question about the policy file. Again, answer **"yes"**.

Next, you will be asked to choose and confirm a site key passphrase. Tripwire uses two keys to secure its configuration files:

  * **site key**: This key is used to secure the configuration files. We need to ensure that the configuration files aren't modified, or else our entire detection system cannot be trusted. Since the same configuration files can be used for multiple servers, this key can be used across servers.
  * **local key**: This key is used on each machine to run the binaries. This is necessary to ensure that our binaries are not run without our consent.

You will first choose and confirm a passphrase for the site key, and then for the local key. Make sure you choose strong passphrases.

----

===== Initialize the Database =====

Following the installation, you must initialize and configure your installation. Like most security programs, tripwire ships with generic but strict defaults that may need to be fine-tuned for your specific installation.

First, if you did not choose yes to create a policy file during installation, you can do so now by issuing the command:

<code bash>
sudo twadmin --create-polfile /etc/tripwire/twpol.txt
</code>

You will be prompted for the site passphrase you configured earlier. This creates an encrypted policy file from the plain text one that we specified in the /etc/tripwire/ directory. This encrypted file is what tripwire actually reads when running its checks.

We can now initialize the database that tripwire will use to validate our system. This uses the policy file that we just created and checks the points that are specified within. Because this file has not been tailored for our system yet, we will get a lot of warnings, false positives, and errors. We will use these as a reference to fine-tune our configuration file in a moment.

The basic way to initialize the database is by running:

<code bash>
sudo tripwire --init
</code>

This will create our database file and complain about the things that we must adjust in the [[Ubuntu:Tripwire:Configure Tripwire|Configuration]].
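The warnings that ''tripwire --init'' prints for policy entries that do not exist on this system are the raw material for the tuning step. The following added example (not part of this page or of the Tripwire project) pulls the missing paths out of a captured init log and comments the matching entries out of a copy of twpol.txt; the log text and policy fragment below are constructed samples, and capturing the real log with ''sudo sh -c 'tripwire --init 2>&1 | tee /tmp/tw-init.log''' is an assumption.

```shell
#!/bin/sh
# Constructed sample of the warnings tripwire --init prints for policy
# entries that do not exist on this system (assumption: the real output
# is captured to a file and passed in the same way).
SAMPLE_INIT_LOG='### Warning: File system error.
### Filename: /proc/scsi
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /root/.Xauthority
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /proc/scsi
### No such file or directory
### Continuing...'

# Constructed fragment of a twpol.txt rule block (the real file is
# /etc/tripwire/twpol.txt; work on a copy, then re-encrypt with twadmin).
SAMPLE_POLICY='(
  rulename = "Devices and Kernel information",
  severity = $(SIG_HI),
)
{
        /dev                    -> $(Device) ;
        /proc/scsi              -> $(Device) ;
        /proc/sys               -> $(Device) ;
}'

# Print the unique paths tripwire complained about, one per line.
missing_paths() {
    printf '%s\n' "$1" | sed -n 's/^### Filename: //p' | sort -u
}

# Comment out every policy line whose first field is one of the missing
# paths; all other lines (rule headers, braces, live paths) pass through.
comment_missing() {
    policy=$1; missing=$2
    printf '%s\n' "$policy" | while IFS= read -r line; do
        path=$(printf '%s\n' "$line" | awk '{print $1}')
        case "$path" in
            /*) if printf '%s\n' "$missing" | grep -qx -- "$path"; then
                    printf '#%s\n' "$line"; continue
                fi ;;
        esac
        printf '%s\n' "$line"
    done
}
```

After reviewing the commented copy, install it as the new plain-text policy and regenerate the encrypted one with ''twadmin --create-polfile'' before re-running ''tripwire --init''.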