Tripwire Enterprise on Ubuntu

Monitoring your file systems for change is an obvious known necessity. Here are some undocumented tricks to run the Tripwire Enterprise 7.0 agent on a Debian box:

Note: This was successful for me on multiple Ubuntu/Debian boxen running kernel 2.6.x

Run the standard .bin installer (this will fail). Then go fetch the extracted .rpm from your /tmp directory.
Use Alien to convert the .rpm to a .deb package: ‘alien -k twfilename.rpm’
Install the .deb package: ‘dpkg -i twfilename.deb’

Change permissions to the tripwire agent bin directory to be executable by root.

Now you must run the post install config script: ‘/usr/local/tripwire/te/agent/bin/twconfig
postInstallConfig xxx.xxx.xxx.xxx 9898 service_passwd’

A few errors will be outputted to the display ‘ln: creating symbolic link /etc/rc.d/rc5.d/S95twdaemon’ to/etc/init.d/twdaemon’: No such file or directory’

Safely ignore since the installer is just trying to add the twdaemon to startup on boot. If you do wish for the agent to run upon boot, add ‘/usr/local/tripwire/te/agent/bin/twdaemon start’ to your ‘/etc/rc.local’ file.

NOTE: Before starting the agent, change the line: ‘127.0.0.1 hostname’ in ‘/etc/hosts’ to ‘127.0.0.1 someotherhostname’ so when the agent performs the initial phone home it will report the active hostname of the machine and the actual ip. If you skip this step, and the hostname associated with 127.0.0.1 in the hosts file is the exact hostname of the machine, then the agent will report the ip as 127.0.0.1.