If you use tripwire, you may have to review and accept changes on a daily basis. Logging into multiple servers to accept the changes is troublesome. Enter CentralWire: a web-based centralized console to review and accept changes detected by tripwire.
Note that Tripwire is a registered trademark of Tripwire, Inc. and that the CentralWire project is NOT associated with Tripwire, Inc.
Get the latest file from https://sourceforge.net/projects/centralwire/files/. Suppose that it is centralwire-1.0.0.war. Put it into a directory, say, /usr/share/webapps.
Create a database and a database user for CentralWire; CentralWire will log in as that user to access the database. Take PostgreSQL as an example. Issue the following commands on the database server host as root:

su postgres
createuser -S -D -R -P centralwire
Enter password for new role: 123        <-- Use a better password!
Enter it again: 123
createdb -E Unicode centralwire
psql template1
grant all on database centralwire to centralwire;
To test that it is working, try to connect to the database server host (let's say it is db.foo.com) from the web container host (let's say it is web.foo.com):

psql -h db.foo.com -p 5432 -U centralwire centralwire
Password for user centralwire: 123

Make sure that you can connect successfully before proceeding.
Take Tomcat and PostgreSQL as an example. Obtain the PostgreSQL JDBC driver JAR file from http://jdbc.postgresql.org/download.html and put it into the tomcat/lib directory. Restart Tomcat to let it take effect.
For example, if you're using Tomcat, create a centralwire.xml file in the tomcat/conf/Catalina/localhost/ directory. The content should look like:

<Context docBase="/usr/share/webapps/centralwire-1.0.0.war">
  <Resource name="jdbc/centralwire" auth="Container" type="javax.sql.DataSource"
            driverClassName="org.postgresql.Driver"
            url="jdbc:postgresql://db.foo.com:5432/centralwire"
            username="centralwire" password="123"
            maxActive="5" maxIdle="10" maxWait="-1" />
  <Parameter name="ldap.server.url" value="ldap://ldap.foo.com/dc=foo,dc=com" />
  <Parameter name="ldap.user.filter" value="(uid={0})" />
  <Parameter name="ldap.user.base" value="ou=people" />
  <Parameter name="ldap.group.filter" value="(uniqueMember={0})" />
  <Parameter name="ldap.group.base" value="ou=groups" />
  <Parameter name="role.admin" value="admin" />
</Context>
The file above makes assumptions about your LDAP directory layout (the server URL, the user and group base DNs, and the search filters). Most likely you'll want to change the LDAP parameters, for example to:

<Context>
  <Resource .../>
  <Parameter name="ldap.server.url" value="ldap://ad.foo.com/dc=foo,dc=com" />
  <Parameter name="ldap.user.filter" value="(sAMAccountName={0})" />
  <Parameter name="ldap.user.base" value="ou=accounts" />
  <Parameter name="ldap.group.filter" value="(member={0})" />
  <Parameter name="ldap.group.base" value="ou=groups" />
  <Parameter name="role.admin" value="admin" />
</Context>

To see if it is working, start Tomcat and try going to http://web.foo.com:8080/centralwire/app (assuming that Tomcat is running on host web.foo.com). You should see a login screen. If not, check the end of tomcat/logs/catalina.out for error messages.
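Because the context file holds the database password and the LDAP connection details in clear text, it is worth linting it before deploying. The following is an added example, not part of CentralWire; it parses a centralwire.xml, checks that the jdbc/centralwire Resource and every Parameter named in this guide are present, flags a short database password, and warns when ldap.server.url is not ldaps:// (whether CentralWire accepts ldaps:// URLs is not stated in this guide, so treat that check as an assumption). The sample file embedded below is a constructed, deliberately incomplete copy of the example above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Parameter names CentralWire reads from the Tomcat context (from this guide).
REQUIRED_PARAMS = {"ldap.server.url", "ldap.user.filter", "ldap.user.base",
                   "ldap.group.filter", "ldap.group.base", "role.admin"}

# Constructed sample: the guide's centralwire.xml with three Parameters left out.
SAMPLE_CONTEXT = """<Context docBase="/usr/share/webapps/centralwire-1.0.0.war">
  <Resource name="jdbc/centralwire" auth="Container" type="javax.sql.DataSource"
            driverClassName="org.postgresql.Driver"
            url="jdbc:postgresql://db.foo.com:5432/centralwire"
            username="centralwire" password="123"
            maxActive="5" maxIdle="10" maxWait="-1" />
  <Parameter name="ldap.server.url" value="ldap://ldap.foo.com/dc=foo,dc=com" />
  <Parameter name="ldap.user.filter" value="(uid={0})" />
  <Parameter name="role.admin" value="admin" />
</Context>"""


def lint_context(xml_text, min_password_len=12):
    """Return a list of findings (strings) for a CentralWire Tomcat context file.
    An empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "Context":
        return ["root element is <%s>, expected <Context>" % root.tag]
    res = root.find("Resource[@name='jdbc/centralwire']")
    if res is None:
        findings.append('missing <Resource name="jdbc/centralwire">')
    else:
        # The password is stored in clear text here, so at least insist on length.
        if len(res.get("password", "")) < min_password_len:
            findings.append("database password is shorter than %d characters"
                            % min_password_len)
        if not res.get("url", "").startswith("jdbc:postgresql://"):
            findings.append("JDBC url is not a jdbc:postgresql:// url")
    params = {p.get("name"): p.get("value", "") for p in root.findall("Parameter")}
    for name in sorted(REQUIRED_PARAMS - set(params)):
        findings.append('missing <Parameter name="%s">' % name)
    scheme = urlparse(params.get("ldap.server.url", "")).scheme
    if scheme and scheme != "ldaps":
        # A simple bind over plain ldap:// sends the user's password unencrypted.
        findings.append("ldap.server.url uses %s://, not ldaps://" % scheme)
    return findings


if __name__ == "__main__":
    for finding in lint_context(SAMPLE_CONTEXT):
        print("WARNING:", finding)
```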
In order for CentralWire to obtain the tripwire reports and accept the changes, CentralWire needs to log into the servers over SSH using a specified user account. So, on each server to be managed by CentralWire, create a shell user account. The best way is to create it in LDAP. If you'd like to create it as a local user account instead:

useradd centralwire
passwd centralwire
Enter new UNIX password: 456            <-- Use a better password!
Retype new UNIX password: 456
Run visudo and add the following lines to the sudoers file so that the user account created above has the right to run tripwire:

centralwire ALL=NOPASSWD: /usr/sbin/tripwire -m u *
centralwire ALL=NOPASSWD: /usr/sbin/twprint -m r *
Go to http://web.foo.com:8080/centralwire/app/config to configure the CentralWire web application. You should at least tell it the shell user name ("centralwire" in this example) and the password ("456" in this example).