Documente Academic
Documente Profesional
Documente Cultură
ENTERPRISE
Tripwire and nCircle are registered trademarks of Tripwire, Inc. Other brand or product names may be
trademarks or registered trademarks of their respective companies or organizations.
Contents of this document are subject to change without notice. Both this document and the software described
in it are licensed subject to Tripwires End User License Agreement located at www.tripwire.com/eula, unless a
valid license agreement has been signed by your organization and an authorized representative of Tripwire. This
document contains Tripwire confidential information and may be used or copied only in accordance with the
terms of such license.
Tripwire, Inc.
One Main Place
101 SW Main St., Suite 1500
Portland, OR 97204
US Toll-free: 1.800.TRIPWIRE
main: 1.503.276.7500
fax: 1.503.223.0182
http://www.tripwire.com
tripwire@tripwire.com
TW1032-27
Contents
Chapter 3. Logging In 93
Login Overview 94
Logging In to a New Tripwire Enterprise Installation 95
Logging In to an Upgraded Tripwire Enterprise Installation 96
Index 126
Overview
The Tripwire Enterprise Installation & Maintenance Guide includes the following sections:
l Chapter 1: Installing Tripwire Enterprise Console (on page 12) describes the process for
installing Tripwire Enterprise Console software.
l Chapter 2: Installing Tripwire Enterprise Agent (on page 55) describes the process for
installing Tripwire Enterprise Agent software.
l Chapter 3: Logging In (on page 93) describes the process for logging in to Tripwire
Enterprise.
l Chapter 4: Post-Installation Configuration (on page 98) includes optional post-installation
configuration procedures.
l Chapter 5: Maintenance Procedures (on page 106) includes procedures used to maintain
your Tripwire Enterprise implementation.
Document List
The Tripwire Enterprise Installation & Maintenance Guide provides installation and upgrade
instructions for Tripwire Enterprise software. In addition, this guide includes procedures for the
maintenance of your Tripwire Enterprise software and database.
The Tripwire Enterprise User Guide provides a detailed overview of Tripwire Enterprise
functionality, along with related concepts and procedures.
The Tripwire Enterprise Reference Guide contains supplemental information for the operation of
Tripwire Enterprise software and associated applications.
PDF versions of these documents are available in the docs directory of the Tripwire Enterprise
installation DVD or the TEConsole Web download.
In addition, online help may be accessed from the Tripwire Enterprise interface. The online
help includes the content of all documents cited above.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 9 About This Guide
Document Conventions
Convention Description
Bolding Indicates:
l The labels of buttons, menus, fields, drop-downs, and check boxes.
l Options selected from a drop-down list or menu.
l Keystrokes and menu paths.
l Introductory sentences for procedures.
l The first reference of a term.
Examples:
l In the Monitor dialog, select the Activate check box.
l Press CTRL+DELETE.
Italics Indicates cross references to sections and chapters in this book, as well as the titles of
other books.
Example: "For more information, see Creating a Node."
Sans Indicates:
Serif l URLs and e-mail addresses
l Directory paths and file names
l Command-line entries
Examples:
l www.tripwire.com
l C:\Program Files\
Brackets Indicates a set of possible user-entered options; individual options are separated by the
pipe (|) character.
Example: [1 | 2 | 3]
Tripwire Enterprise 8.3 Installation & Maintenance Guide 10 About This Guide
Contact Information
Tripwire, Inc.
Tripwire Sales
Domestic: sales@tripwire.com
Government: govt@tripwire.com
EMEA: emeasales@tripwire.com
APAC: apacsales@tripwire.com
Japan: japansales@tripwire.com
Tripwire Educational Services provides hands-on technical training for the installation,
configuration, and maintenance of your Tripwire software. All courses are taught by Tripwire
Certified Instructors. For more information, please contact your Tripwire sales representative or
visit http://www.tripwire.com/services/training/.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 11 About This Guide
Chapter 1.
Installing Tripwire
Enterprise Console
Installation Requirements for Tripwire Enterprise Console
Note With the Tripwire Enterprise Console installer, you can upgrade directly to the
latest version of Tripwire Enterprise Console from Tripwire Enterprise Console 8.1
or later. For additional upgrade paths, see Upgrade Overview on page 40.
A Tripwire Enterprise Server (TE Server) is the host machine on which Tripwire Enterprise
Console (TE Console) software is installed. A Tripwire Enterprise Console database stores
all data generated by TE Console.
l With a single-system installation, you install the TE Console software and database on
the same system (the TE Server).
l With a distributed installation, you install the TE Console software on the TE Server,
and the database on another system.
http://www.tripwire.com/register/
tripwire-enterprise-platform-and-device-support
Prior to installing Tripwire Enterprise Console, you should first read the EULA in its entirety.
Installation of Tripwire Enterprise Console software implies your consent to all terms and
conditions outlined in the EULA.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 13 Chapter 1. Installing Tripwire Enterprise Console
Preparing for a New Installation
Prior to installing Tripwire Enterprise Console for the first time, complete the following
steps:
l If needed, obtain a license for your Tripwire Enterprise Server. Your License Card
(included in your software distribution package) provides a URL and instructions for
obtaining a license. If you downloaded Tripwire Enterprise Console, you received your
license information via e-mail.
l Read the Tripwire Enterprise Console Installation and Upgrade section in the Release
Notes (release_notes.html). The Release Notes are available on the Tripwire
Enterprise installation DVD and in the main directory of a download archive.
l Ensure that your Tripwire Enterprise Server complies with all requirements (see
Requirements for a Tripwire Enterprise Server on page 20).
l If you will perform a distributed installation, ensure that your remote database server
complies with all requirements (see Requirements for a Remote Database Server on page
23).
l If you will use a MySQL database as your Tripwire Enterprise Console database, you
should first remove any existing MySQL database management systems from the database
host system (either your Tripwire Enterprise Server or remote database server).
Once all requirements have been met, you may proceed with your installation. For further
instructions, see:
Caution For a successful installation, your Tripwire Enterprise Server and remote
database server (if applicable) must be in compliance with all requirements. If
these systems do not meet all requirements, your installation may fail.
Note Once you install the Tripwire Enterprise Console software and database, you can
open the Tripwire Enterprise Web interface from any system networked with your
Tripwire Enterprise Server. To open the interface, the local system must have one
of the Web browsers listed in Supported Web Browsers for Tripwire Enterprise on
page 23.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 14 Chapter 1. Installing Tripwire Enterprise Console
Preparing for an Upgrade
Once all requirements have been met, you may proceed with your upgrade. For further
instructions, see Upgrade Overview on page 40.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 15 Chapter 1. Installing Tripwire Enterprise Console
Services Installed with Tripwire Enterprise Console
The tables in this section list the services installed with Tripwire Enterprise Console. For more
information on the ports used by Tripwire Enterprise, see Tripwire Enterprise Port
Configuration on page 19.
For information on the services installed with Tripwire Enterprise Agent, see Services Installed
with Tripwire Enterprise Agent on page 58.
Requires
Installation Service Listening Firewall
Type Name Ports Access? Description
TE Console + MySQL DB twservices 443 Y End user web UI
(Single-system
installation) 8080 Y HTTP/EMS integration
services
Tripwire Enterprise 8.3 Installation & Maintenance Guide 16 Chapter 1. Installing Tripwire Enterprise Console
Table 2. Services installed with Tripwire Enterprise Console on Solaris systems
Requires
Installation Service Listening Firewall
Type Name Ports Access? Description
TE Console + MySQL DB twservices 443 Y End user web UI
(Single-system
installation) 8080 Y HTTP/EMS integration
services
teges none
Tripwire Enterprise 8.3 Installation & Maintenance Guide 17 Chapter 1. Installing Tripwire Enterprise Console
Table 3. Services installed with Tripwire Enterprise Console on Windows systems
Requires
Installation Listening Firewall
Type Service Name Ports Access? Description
TE Console + MySQLDB Tripwire Enterprise 443 Y End user web UI
(Single-system Server
installation) 8080 Y HTTP/EMS integration
services
Tripwire Enterprise 8.3 Installation & Maintenance Guide 18 Chapter 1. Installing Tripwire Enterprise Console
Tripwire Enterprise Port Configuration
Figure 1 below illustrates the default ports that may be involved in your Tripwire Enterprise
implementation. For more information about default ports, see:
Note A network device may employ one or more of the ports in Figure 1 below.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 19 Chapter 1. Installing Tripwire Enterprise Console
Requirements for a Tripwire Enterprise Server
Prior to installing Tripwire Enterprise Console software, you should first ensure that the host
system complies with all network (see below) and system requirements (see Supported
Platforms and System Requirements on the next page).
If the host system runs Solaris or Linux, you must also complete the appropriate steps in
Additional Requirements for Solaris and Linux on page 22.
Network Requirements
l Reside on an IP network.
l Have a static IP address (non-DHCP), as well as a hostname that resolves to the address.
You must also ensure that all required ports are free on your Tripwire Enterprise Server. Table 4
below identifies the default number and purpose of each port that may be needed. For each port,
the table also indicates:
For a diagram of default ports that may be involved in your Tripwire Enterprise implementation,
see Figure 1 on the previous page.
Note A network device may employ one or more of the ports depicted in Figure 1 on the
previous page. If a port will not be used in your Tripwire Enterprise implementation,
you can close the port on any existing firewalls. For example, if Tripwire Enterprise
will not monitor any network devices, you can close port 69 on your firewall.
Configurable
Default During
Port/Protocol Installation? Used for ...
69/UDP No ... inbound communication received from network devices that
support TFTP.
8080/TCP Yes ... download of JAR files to Agent systems, as well as external
integrations such as plug-ins (HTTP).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 20 Chapter 1. Installing Tripwire Enterprise Console
Table 5. Optional outbound ports for a Tripwire Enterprise Server
Configurable
Default During
Port/Protocol Installation? Used for ...
25/TCP No ... outbound e-mail (SMTP) sent by Tripwire Enterprise e-mail
actions. You can configure this port when you create or modify an
e-mail server in the Tripwire Enterprise interface. For more
information, see What are E-mail Servers? in the Tripwire Enterprise
User Guide.
162/UDP No ... outbound SNMP traps sent by Tripwire Enterprise SNMP actions.
For more information, see How Does an SNMP Action Work? in the
Tripwire Enterprise User Guide.
2. Inspect the list of connections for services running on ports listed in Table 4 on the
previous page.
l If the list includes a non-configurable port that will be needed, disable all services
associated with the port before installing Tripwire Enterprise Console.
l If the list includes a configurable port that will be needed, you can either disable
the associated services or enter the number of an unused port when you install the
application.
l The operating systems on which Tripwire Enterprise Console software may be installed
(along with the minimum hardware requirements for each supported platform).
l The operating systems on which the Tripwire Enterprise Event Generator can be installed.
(Required for real-time monitoring of your Tripwire Enterprise Server, the Event
Generator is an optional component that may be added when you install your Tripwire
Enterprise Console software.)
http://www.tripwire.com/it-security-software/scm/specifications/
system-requirements
Tripwire Enterprise 8.3 Installation & Maintenance Guide 21 Chapter 1. Installing Tripwire Enterprise Console
Additional Requirements for Solaris and Linux
If your Tripwire Enterprise Server is a Solaris system, you should install the J2SE patches
for your operating system.
If your Tripwire Enterprise Server is a Solaris or Linux system, you must create a UNIX
user group and user account before running the Tripwire Enterprise Console installer. To do so:
3. Enter one of the following commands to create a new user (called tripwire) in the
tripwire group.
If your Tripwire Enterprise Server is a Solaris or Linux system, ensure that the kernel
setting for the maximum number of open file descriptors is set to 10240 (or higher for large
deployments). When TE Console launches, it issues the command ulimit -n 10240 to
temporarily set the per-session maximum number of open file descriptors to 10240. In order for
this command to succeed, the kernel setting for the maximum (often referred to as a hard limit)
must be greater than this value.
Solaris:edit /etc/system to change the rlim_fd_max setting, then reboot the system
Linux: edit sysctl.conf to set fs.file-max=65535
For more information about these commands and appropriate methods of managing kernel tuning
parameters, see the documentation for your operating system.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 22 Chapter 1. Installing Tripwire Enterprise Console
Requirements for a Remote Database Server
For a list of supported databases that can serve as the remote database in a distributed
installation, see:
http://www.tripwire.com/register/tripwire-enterprise-platform-and-device-support
You can install a remote database on any system with a platform supported by the database
vendor. In addition, the remote database server must:
l Have a static IP address (non-DHCP), as well as a hostname that resolves to the address.
l Provide a free port for communication with your TE Server. Table 6 identifies the default
port for each type of remote database.
http://www.tripwire.com/register/tripwire-enterprise-platform-and-device-support
In addition, TLSv1, Javascript, and cookies must be enabled in your Web browser.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 23 Chapter 1. Installing Tripwire Enterprise Console
Single-System Installation of Tripwire Enterprise Console
For an introduction to single-system installations, see Installation Requirements for Tripwire
Enterprise Console on page 13.
Caution Due to the softwares high volume of network connections and memory-
intensive operations, Tripwire Enterprise Console must be installed on a local
partition on a dedicated server (not on a mapped drive or remote file system,
such as NFS). For further details, see the Release Notes on your Tripwire
Enterprise installation DVD or in the main directory of your download archive.
To install your Tripwire Enterprise Console software and database on the same system:
1. Log in to the system with root or Administrator privileges.
2. Access your Tripwire Enterprise installation DVD or download archive, and navigate to
the installer directory for the systems platform (see Table 7 on the next page).
3. At a command prompt, enter the installer command for the systems platform (see Table
7).
4. Follow the on-screen instructions to complete the Tripwire Enterprise Console installer.
Make a note of your specified settings, such as port numbers. You may need
this information at a later date.
5. In the Post-Installation Summary dialog, read the summary information and click Done.
The installation process may take several minutes. If the installer encounters errors, it will
display any available error information and help you to troubleshoot the problem.
Next To log in, see Logging In to a New Tripwire Enterprise Installation on page 95.
(Optional) For information about updating theJRE on the TE Console system, see the
Tripwire Enterprise Hardening Guide, available for download from the Tripwire
Customer Center (http://www.tripwire.com/customers).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 24 Chapter 1. Installing Tripwire Enterprise Console
Table 7. Tripwire Enterprise Console installer directories and commands
Note: Console mode installs your Tripwire Enterprise Console software and database with a command-
line interface. To run your installation in console mode, add the -i console flag to the installer
command. For example:
./install-server-linux-x86.bin -i console
To complete the command-line installer, follow the on-screen instructions.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 25 Chapter 1. Installing Tripwire Enterprise Console
Distributed Installation of Tripwire Enterprise Console
To conduct a distributed installation of Tripwire Enterprise Console, complete the following
steps:
Note For an introduction to distributed installations, see About Your Tripwire Enterprise
Implementation on page 13.
To use an existing Oracle or Microsoft SQL Server database as your remote database, see:
Notes The passphrase for a remote database must be between 6 and 64 characters. Most
ASCII printable characters are allowed, with a few exceptions:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 26 Chapter 1. Installing Tripwire Enterprise Console
Installing a Remote MySQL Database
With this procedure, you can install a new MySQL database for use as your remote database.
The database can be installed on any system with a Solaris, Windows, or Linux platform
supported by MySQL.
Make a note of your specified settings, such as port numbers. You may need
this information at a later date.
5. In the Post-Installation Summary dialog, read the summary information and click Done.
Note: Console mode installs your Tripwire Enterprise Console software and database with a command-
line interface. To run your installation in console mode, add the -i console flag to the installer
command. For example:
./install-server-linux-x86.bin -i console
To complete the command-line installer, follow the on-screen instructions.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 27 Chapter 1. Installing Tripwire Enterprise Console
Configuring a Remote Oracle Database
To use an existing Oracle database as your remote database, you must first configure the
database so that Tripwire Enterprise information can be written to it.
Tip If you need assistance with this procedure, consult your Oracle database
administrator.
oracle.optimizerMode=all_rows
To configure your Oracle database, complete the following steps at an SQL prompt:
1. Create a tablespace for Tripwire Enterprise Console:
CREATE TABLESPACE <tablespace_name>
DATAFILE <path_to_datafile_and_file_name>
SIZE 2000M
AUTOEXTEND ON
EXTENT MANAGEMENT LOCAL;
Tripwire Enterprise 8.3 Installation & Maintenance Guide 28 Chapter 1. Installing Tripwire Enterprise Console
Configuring a Remote Microsoft SQL Server Database
To use a Microsoft SQL Server 2005, 2008, or 2012 database as your remote database,
complete the following steps:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 29 Chapter 1. Installing Tripwire Enterprise Console
Step 2 for MS SQL Server - Create the Remote Database
To create the Microsoft SQL Server database that will serve as your Tripwire Enterprise
Console database:
1. In the Object Explorer of the Microsoft SQL Server Management Studio, right-click
Databases and select New Database.
2. In the main pane of the New Database dialog (see Figure 3 below):
a. Enter a Database Name.
Note Make a note of the database name. You will need it to complete the
Tripwire Enterprise Console Database installer.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 30 Chapter 1. Installing Tripwire Enterprise Console
3. Click the Autogrowth button for the data file, and complete the following steps in the
Change Autogrowth dialog:
a. Select Enable Autogrowth.
b. Enter appropriate settings (including at least 20 MB as the File Growth setting) and
click OK.
4. Click the Autogrowth button for the transaction log file, and complete the following steps
in the Change Autogrowth dialog:
a. Select Enable Autogrowth.
b. Enter appropriate settings (including at least 20 MB as the File Growth setting) and
click OK.
5. In the New Database dialog, select Options (see Figure 4 below).
a. In the Collation drop-down, select Latin1_General_CS_AI.
b. In the Recovery Model drop-down, select Simple.
c. In the Miscellaneous list, set the ANSI NULL Default value to True.
6. Click OK to close the New Database dialog.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 31 Chapter 1. Installing Tripwire Enterprise Console
7. In the toolbar, click New Query (see Figure 5 below).
8. In the main pane, complete the following steps:
a. In the new query tab, enter the following SQL statement:
ALTER DATABASE [<db_name>] SET READ_COMMITTED_SNAPSHOT ON
Tip If the database name begins with a number, you must enclose the name
of the database in quotes (<db_name>).
d. Click Execute.
e. In the Results tab, verify that the value in the is_read_committed_snapshot_on
column is 1. If this value is 0, repeat steps 8a through 8b above.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 32 Chapter 1. Installing Tripwire Enterprise Console
Figure 6. Verifying that READ_COMMITTED_SNAPSHOT is on
Tripwire Enterprise 8.3 Installation & Maintenance Guide 33 Chapter 1. Installing Tripwire Enterprise Console
Step 3 for MS SQL Server - Create a Login for the Remote Database
To create a Microsoft SQL Server login with which TE will access the remote database:
1. In the Object Explorer of the Microsoft SQL Server Management Studio, expand the
Security folder (see Figure 7 on the next page).
2. Under the Security folder, right-click Logins and select New Login.
3. In the Login - New dialog:
a. Enter a Login name.
b. Select an authentication option.
c. (SQLServer authentication only) Enter and confirm the password for the login.
Tip Make a note of the login name and password. You will need it to
complete the Tripwire Enterprise Console Database installer.
Note If this setting is enabled, then your SQL Server password might change.
If the password changes, then you must reset the password with the TE
Command Line Interface (CLI) in order to re-establish communication
between the database and your Tripwire Enterprise Server. (For CLI
instructions, see Working with the Command Line Interface in the
Tripwire Enterprise Reference Guide).
e. From the Default database drop-down, select the new SQL Server database.
f. From the Default language drop-down, select English.
4. In the tree pane of the Login - New dialog, click User Mapping (see Figure 8 on the next
page).
a. Select the check box for the new database in the Map column.
b. In the Default Schema column for the database, enter the name of the new login.
(Do not click )
Caution If you incorrectly enter the login name in the Default Schema
column, an error may result when some Tripwire Enterprise
functions are run.
Do not assign a database role to the SQL Server login. If the login
has a role, your Tripwire Enterprise Server may be unable to
communicate with the database.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 34 Chapter 1. Installing Tripwire Enterprise Console
Figure 7. Creating a login for the remote database
Tripwire Enterprise 8.3 Installation & Maintenance Guide 35 Chapter 1. Installing Tripwire Enterprise Console
Step 4 for MS SQL Server - Grant Database Permissions to the Login
In this step, you grant permissions to the SQL Server login created for Tripwire Enterprise.
Tripwire Enterprise needs these permissions in order to access the remote database via the SQL
Server login.
l Connect l Delete
l Create Procedure l Insert
l Create Table l Select
l Create View l Update
5. Click OK.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 36 Chapter 1. Installing Tripwire Enterprise Console
Part II of Distributed Installation: Installing Tripwire Enterprise
Console Software
In Part I of Distributed Installation: Installing a Remote Database (on page 26), you installed a
remote database for your distributed installation. In this step, you will install the Tripwire
Enterprise Console software on your Tripwire Enterprise Server.
Note For requirements, see Requirements for a Tripwire Enterprise Server on page 20.
Caution Due to the softwares high volume of network connections and memory-
intensive operations, Tripwire Enterprise Console must be installed on a local
partition on a dedicated server (not on a mapped drive or remote file system,
such as NFS). For further details, see the Release Notes on your Tripwire
Enterprise installation DVD or in the main directory of your download archive.
Make a note of your specified settings, such as port numbers. You may need
this information at a later date.
The installation process may take several minutes. If the installer encounters errors, it will
display any available error information and help you to troubleshoot the problem.
5. If you have a Microsoft SQL Server remote database and force encryption is
enabled, complete the following steps.
a. Create (or edit) the following text file on your Tripwire Enterprise (TE) Server:
Windows: <te_root>\data\config\jtds.properties
UNIX: <te_root>/data/config/jtds.properties
b. To specify the encryption requirements for connections between your TE Server and
the database server, add the following line to the text file (jtds.properties):
SSL=<SSL_option>
Tripwire Enterprise 8.3 Installation & Maintenance Guide 37 Chapter 1. Installing Tripwire Enterprise Console
request permits all connections and employs SSL encryption if the database server
supports SSL.
require requires SSL for all connections. If the database server does not support
SSL, connections will fail.
authenticate requires SSL for all connections, as well as a valid certificate issued
by a trusted certificate authority. If the database server does not support SSL or
lacks a valid certificate, connections will fail.
c. If you entered authenticate as the SSL option, and the database server uses a self-
signed certificate or a certificate issued by a trusted authority that is not supported
by the JRE, you must add the root certificate to the keystore on the TE Server. To do
so, run the following command at a command prompt on the TE Server:
<te_root>\jre\bin\keytool -import -alias <alias> -keystore <te_
root>\data\security\cacerts.ks -keypass changeit -file <path_to_
certificate>
Table 10 (on the next page) defines the options in this command.
d. If you added a certificate to the TEServer keystore in step 5c, you must restart the
TEConsole service as described in Managing Tripwire Enterprise Console Services
on page 115 in order to force TEConsole to re-read the keystore file.
e. Open the following file on your TE Server in a text editor:
Windows: <te_root>\bin\server.conf
UNIX: <te_root>/bin/server.conf
f. Add this line to the end of the file:
wrapper.java.additional.<#>=-Djsse.enableCBCProtection=false
replacing <#> with the next number in the sequence. For example, if the last
numbered line in your current server.conf file is wrapper.java.additional.33,
you would replace <#>in the command above with 34.
6. If you have an Oracle RAC remote database and you want to use the High
Availability and failover features, complete the following steps.
a. Open the server.properties text file on your Tripwire Enterprise (TE) Server:
Windows: <te_root>\data\config\server.properties
UNIX: <te_root>/data/config/server.properties
b. Add the following line to the file:
tw.database.service=<service_name>
Tripwire Enterprise 8.3 Installation & Maintenance Guide 38 Chapter 1. Installing Tripwire Enterprise Console
Note The Oracle RAC High Availability features are only available if you
specified the SCANhostname during the TE installation process. If you
specified a VIP/FQDN hostname during installation, TE will only connect to
one instance of the cluster and the High Availability features cannot be used.
7. Restart your Tripwire Enterprise Console services (see Managing Tripwire Enterprise
Console Services on page 115).
Next To log in, see Logging In to a New Tripwire Enterprise Installation on page 95.
(Optional) For information about updating theJRE on the TE Console system, see the
Tripwire Enterprise Hardening Guide, available for download from the Tripwire
Customer Center (http://www.tripwire.com/customers).
Note: Console mode installs your Tripwire Enterprise Console software and database with a command-
line interface. To run your installation in console mode, add the -i console flag to the installer
command. For example:
./install-server-linux-x86.bin -i console
To complete the command-line installer, follow the on-screen instructions.
Option Description
Tripwire Enterprise 8.3 Installation & Maintenance Guide 39 Chapter 1. Installing Tripwire Enterprise Console
Upgrading Tripwire Enterprise Console
Upgrade Overview
To upgrade to the latest version of Tripwire Enterprise Console, use one of the following
procedures:
l To upgrade from Tripwire Enterprise 8.0 or earlier, see Upgrading Older Versions of
Tripwire Software (below).
l To upgrade from Tripwire Enterprise 8.1 or later, see Upgrading a Single-System
Installation (on page 42) or Upgrading a Distributed Installation (on page 46).
l To upgrade Tripwire Enterprise Console from a 32-bit to a 64-bit installation, first
upgrade your TE installation to the most recent 32-bit version using one of the procedures
above, then see Upgrading Tripwire Enterprise Console to a 64-bit Installation (on page
50).
Caution Tripwire Enterprise 7.6 added new features that greatly enhance scalability and
performance. As a result, upgrade times from TE versions older than version 7.6
may be substantially longer than in previous upgrades. This is especially true in
cases where a large database contains many audit events. Before you begin an
upgrade from Tripwire Enterprise 7.5V, we stronglyrecommend that you read
this article on the Tripwire Knowledge Base:
https://tripwireinc.force.com/customers/articles/
Install_and_Upgrade/Upgrading-Tripwire-Enterprise-from-75-to-76
Tip If you upgrade a Tripwire Enterprise implementation that includes custom user roles,
you should review the permissions in each role following upgrade. In some cases,
custom user roles may require new permissions for expected access to Tripwire
Enterprise objects and functions. For more information about user roles and
permissions, see What are User Permissions and User Roles? in the Tripwire
Enterprise User Guide.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 40 Chapter 1. Installing Tripwire Enterprise Console
Table 11. Upgrade paths for Tripwire Enterprise Console
Tripwire Enterprise 8.3 Installation & Maintenance Guide 41 Chapter 1. Installing Tripwire Enterprise Console
Upgrading a Single-System Installation
With this procedure, the Tripwire Enterprise Console installer upgrades a single-system
installation of Tripwire Enterprise Console 8.1 or later to the latest version. Prior to upgrading,
you should first review the following sections:
Caution You should back up your Tripwire Enterprise data before upgrading. For
instructions, see Backing Up Tripwire Enterprise Data on page 108.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 42 Chapter 1. Installing Tripwire Enterprise Console
Step 2. Upgrading the Tripwire Enterprise Software and Database
In this step, the Tripwire Enterprise Console installer upgrades your current Tripwire Enterprise
Console software and database to the latest version of Tripwire Enterprise Console.
The upgrade process may take some time, based on the size of your database. If the
installer encounters errors, it will display any available error information and help you to
troubleshoot the problem.
./install-server-linux-
x86.bin
64 bit:
./install-server-linux-
amd64.bin
install-server-windows-
x86.exe
64 bit:
install-server-windows-
amd64.exe
Note: Console mode installs your Tripwire Enterprise Console software and database with a command-
line interface. To run your installation in console mode, add the -i console flag to the installer
command. For example:
./install-server-linux-x86.bin -i console
To complete the command-line installer, follow the on-screen instructions.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 43 Chapter 1. Installing Tripwire Enterprise Console
Step 3. Restarting and Refreshing Agents in Tripwire Enterprise
6. In the Restart Agents dialog, select Refresh data on Agents and click OK.
Caution The process of restarting and refreshing Agents can take a long time.
When Tripwire Enterprise completes the process for an Agent, the Log
Manager generates a System log message that states:
Before proceeding with the next step, you should review the Log Manager
to confirm that all Agents have been successfully restarted.
After Upgrading
After upgrading your TEConsole installation, you may need to perform some additional steps:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 44 Chapter 1. Installing Tripwire Enterprise Console
l After upgrading, all errors displayed in the Node Manager (exclamation points)are
cleared. As TEencounters errors, they will be displayed in both the Node Manager and
the Health section of the Asset View tab.
l After upgrading, any existing nodes that do not have any active licenses will be disabled.
When you add a license to these nodes, they will be enabled again. For more information
about disabled nodes, see Temporarily Disabling Checks and Baselines on a Node in the
Tripwire Enterprise User Guide.
l (Optional) For information about updating theJRE on the TE Console system, see the
Tripwire Enterprise Hardening Guide, available for download from the Tripwire
Customer Center (http://www.tripwire.com/customers).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 45 Chapter 1. Installing Tripwire Enterprise Console
Upgrading a Distributed Installation
With this procedure, the Tripwire Enterprise Console installer upgrades a distributed installation
of Tripwire Enterprise Console 8.1 or later to the latest version of TE Console. Prior to
upgrading, you should first review the following sections:
Caution You should back up your Tripwire Enterprise data before upgrading. For
instructions, see Backing Up Tripwire Enterprise Data on page 108.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 46 Chapter 1. Installing Tripwire Enterprise Console
Step 2. Stopping the Tripwire Enterprise Services
At a command prompt on your Tripwire Enterprise Server, enter the appropriate command to
stop the Tripwire Enterprise Console services.
Tip You can also stop services from the Windows Start menu.
If your Tripwire Enterprise Console database is a MySQL database, complete the following
steps. For all other databases, proceed to Step 4. Upgrading the Tripwire Enterprise Software
(on the next page).
5. In the Post-Installation Summary dialog, read the summary information and click Finish.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 47 Chapter 1. Installing Tripwire Enterprise Console
Step 4. Upgrading the Tripwire Enterprise Software
In this step, the Tripwire Enterprise Console installer upgrades your current Tripwire Enterprise
Console software to the latest version.
The upgrade process may take some time, based on the size of your database. If the
installer encounters errors, it will display any available error information and help you to
troubleshoot the problem.
5. In the Post-Installation Summary dialog, read the summary information and click Finish.
6. In the Restart Agents dialog, select Refresh data on Agents and click OK.
Caution The process of restarting and refreshing Agents can take a long time.
When Tripwire Enterprise completes the process for an Agent, the Log
Manager generates a System log message that states:
Before proceeding with the next step, you should review the Log Manager
to confirm that all Agents have been successfully restarted.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 48 Chapter 1. Installing Tripwire Enterprise Console
Step 6. Enabling Tasks in Tripwire Enterprise
After Upgrading
After upgrading your TEConsole installation, you may need to perform some additional steps:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 49 Chapter 1. Installing Tripwire Enterprise Console
Upgrading Tripwire Enterprise Console to a 64-bit Installation
Starting with Tripwire Enterprise 7.6, full native 64-bit support was added to the TEConsole
software. This procedure describes the process for migrating 32-bit data from an existing TE
installation to a 64-bit installation.
Caution To avoid data loss, please back up configuration and database files each time
you are prompted to in the procedure.
Caution If you do not uninstall the 32-bit Console, you should disable the
TEConsole service or edit the services.properties file to ensure that
the Console cannot access TE database files. Otherwise, the 32-bit
Console may corrupt the database file of your 64-bit installation after you
upgrade it.
5. After the uninstallation process is complete, remove the Tripwire Enterprise root directory
entirely to remove any artifacts of the previous install.
Note To retain logs and old archived log messages for audit purposes, save the
/data/log/ directory.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 50 Chapter 1. Installing Tripwire Enterprise Console
8. Next you will restore the TE Console configuration and (optionally) database files using
the backup files from step 3.
For a single-system installation or a distributed installation with a MySQLdatabase,
use this command to restore the configuration and database files:
<te_root>/bin/tetool restore --passphrase <services_passphrase> --safe <co
nfig_file> <database_file>
For all other distributed installations, use this command to restore the configuration
file:
<te_root>/bin/tetool restore --passphrase <services_passphrase> --safe <co
nfig_file>
where <services>is the Services Password entered when you installed TE Console and
<config_file> is the path to the configuration backup file from step 3.
Note The default value for the database passphrase is the Services Password for
the TEConsole.
9. After the restore is complete, start the TEConsole services using the correct command in
Managing Tripwire Enterprise Console Services (on page 115).
The TE Console should now be using native 64-bit code on a 64-bit Java Virtual Machine. After
logging in to the 64-bit system, we recommend that you create backup versions of the 64-bit
configuration and database files.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 51 Chapter 1. Installing Tripwire Enterprise Console
Uninstalling Tripwire Enterprise Console
where <te_root> is the path to the directory in which Tripwire Enterprise Console is
installed.
4. Manually delete the Tripwire Enterprise Console installation directory (<te_root>) and its
contents.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 52 Chapter 1. Installing Tripwire Enterprise Console
To uninstall Tripwire Enterprise Console software from a Windows Tripwire Enterprise
Server with the Add/Remove Programs feature:
1. Log in to your Tripwire Enterprise Server with Administrator privileges.
2. From the Control Panel, select Add/Remove Programs.
3. Select Tripwire Enterprise Console.
4. Click Remove.
5. Follow the prompts in the uninstaller.
6. Manually delete the Tripwire Enterprise Console installation directory and all contents.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 53 Chapter 1. Installing Tripwire Enterprise Console
Uninstalling a Remote Tripwire Enterprise Console Database
With the following procedures, you can uninstall a MySQL Tripwire Enterprise Console
database from your remote database server.
4. Manually delete the Tripwire Enterprise Console installation directory and its contents.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 54 Chapter 1. Installing Tripwire Enterprise Console
Chapter 2.
Installing Tripwire
Enterprise Agent
Installation Requirements for Tripwire Enterprise Agent
l For more information about the creation of file server nodes, see Agent Node Creation in
the Tripwire Enterprise User Guide.
l To learn how other types of nodes are created, see Manual Node Creation in the Tripwire
Enterprise User Guide.
The Tripwire Enterprise Agent installer may be run with either of the following methods:
l With an interactive installation, you launch and complete the Tripwire Enterprise Agent
installer. In the installer, you respond to a series of questions and enter configuration
settings.
l With a silent installation, you use a command line or response file to automate the
installation process.
Prior to installing Tripwire Enterprise Agent, you should first read the EULA in its entirety.
Installation of Agent software implies your consent to all terms and conditions outlined in
the EULA.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 56 Chapter 2. Installing Tripwire Enterprise Agent
Preparing for Agent Installation
Caution For a successful installation, an Agent host system must be in compliance with
all requirements. If the host system does not meet all requirements, your
installation may fail.
Once all requirements have been fulfilled, proceed to the appropriate section for your platform:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 57 Chapter 2. Installing Tripwire Enterprise Agent
Services Installed with Tripwire Enterprise Agent
The tables in this section list the services installed with Tripwire Enterprise Agent. For
information on the services installed with Tripwire Enterprise Console, see Services Installed
with Tripwire Enterprise Console on page 16
Requires
Agent Listening Firewall
Type Service Name Ports Access? Description
AIX teagent 9898 Y Incoming RMI from TE Console
teges none
teges none
Tripwire Enterprise 8.3 Installation & Maintenance Guide 58 Chapter 2. Installing Tripwire Enterprise Agent
Requirements for an Agent System
Prior to installing Tripwire Enterprise Agent software, you should first ensure that each host
system complies with the requirements in the following sections:
Supported Platforms
l The operating systems on which Tripwire Enterprise Agent software may be installed.
l The operating systems on which the Tripwire Enterprise Event Generator can be installed.
An Event Generator is required for real-time monitoring of an Agent system. When you
run the TE Agent installer on a supported Solaris system, an Event Generator is
automatically installed. For all other supported platforms, the installer gives you the option
of installing an Event Generator.
http://www.tripwire.com/register/tripwire-enterprise-platform-and-device-support
Network Requirements
To install Tripwire Enterprise Agent, the host system must provide a free port to listen for
communications from your Tripwire Enterprise Server. Port 9898 is the default setting.
Note If needed, you can change the communication port after installation of Tripwire
Enterprise Agent. To do so, edit the following line in the Agent properties file
(<TE_root>/data/config/agent.properties):
tw.local.port=<communication_port>
To install TE Agent on an AIX system, the system must have AIX 5.3 Technology Level 9
and Patch Level 2. To validate these requirements, run oslevel s. The return value should be
5300-09-02-0849 or higher.
To install TE Agent on a Solaris or HP-UX system, you must first install all required patches
for the platform.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 59 Chapter 2. Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent
The AIX Event Generator utilizes native OS auditing as its event source. TEedits both the bin
and stream commands of the audit system to include Tripwire's event filter, so that events that
are only of interest to Tripwire are filtered from the audit log of the system. This allows you to
continue to use auditing normally in parallel with Tripwire's monitoring.
The TE Agent installer can configure the native OS auditing during installation, or after
installation you can run the configuration script (found in <te_root>/sup/rtm/ with the other
real-time monitoring components) manually.
For a download installation, expand the download file to a temporary directory on the local
drive.
3. To install the software in the default installation directory
(/usr/local/tripwire/te/agent), launch the installer by entering the following
command at a command prompt:
./te_agent.bin
To install the software in a different directory, add the --install-dir option as follows:
./te_agent.bin --install-dir <installation_directory>
Note If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 60 Chapter 2. Installing Tripwire Enterprise Agent
4. If AIX is not already configured for auditing, the installer will prompt:
Audit configuration should take place so that real time will work. Do you
want to allow audit configuration? [y/N]
5. If either binmode and streammode are set to on in the audit configuration file, the installer
will prompt you to either leave these settings on or turn them off. Tripwire recommends
setting both of these to off, unless they are required for non-TE OS auditing.
If binmode and streammode are set to off in the audit configuration file, installation will
complete normally.
6. If you chose not to configure auditing in step 4, you should configure it now. For more
information on this process, see Post-Installation Audit Configuration on page 64.
7. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
8. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 61 Chapter 2. Installing Tripwire Enterprise Agent
Silent Installation for AIX
Note By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-User
License Agreement on page 56.
For a download installation, expand the file to a temporary directory on the local drive.
3. To install the software in the default installation directory
(/usr/local/tripwire/te/agent), launch the installer by entering the following
command at a command prompt:
./te_agent.bin --eula accept --silent --server-host <server_host>
--server-port <server_port> --passphrase <services_password>
--rtmport <port number> --enable-audit-conf <true|false>
--turn-bin-mode-off <true|false> --turn-stream-mode-off <true|false>
Note If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
4. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
5. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 62 Chapter 2. Installing Tripwire Enterprise Agent
Table 14. Command-line components for AIX silent installations
Command-line
Component Description
--enable- (Optional) Tells the installer to configure AIX for auditing. If set to false, you must
audit-conf manually configure auditing after the installation. For more information, see Post-
Installation Audit Configuration on the next page.
<true|false>
Note: This setting must be used in conjunction with the--rtmport, --turn-bin-
mode-off, and --turn-stream-mode-off settings.
--http-port (Optional) If you enable FIPSmode for the Agent with --enable-fips, you must
<http_port> include this option to specify the HTTP port on your TE Server (8080 by default).
--passphrase The same Services Password entered when Tripwire Enterprise Console was
installed.
<services_
password>
--proxy-port (Optional) The number of the port on a Tripwire Enterprise proxy with which TE will
communicate with the proxy.
<proxy_port>
Note: For more information about proxies, see Configuring a Tripwire Enterprise
Proxy for Agent Communication on page 102.
--server-port The number of the services port on your Tripwire Enterprise Server (9898 by
default).
<server_port>
Note: You specified the services port when you installed Tripwire Enterprise
Console. The Tripwire Enterprise Server communicates with all Agents via the
services port.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 63 Chapter 2. Installing Tripwire Enterprise Agent
Command-line
Component Description
--turn-bin- (Optional) Turns AIX auditing binmode on or off. Tripwire recommends setting this
mode-off to true (unless binmode is required for non-TE OS Auditing).
<true|false>
Note: This setting must be used in conjunction with the --enable-audit-conf,
--rtmport, and --turn-stream-mode-off settings.
--turn-stream- (Optional) Turns AIX Auditing streammode on or off. Tripwire recommends setting
mode-off this to true (unless streammode is required for non-TE OS Auditing).
<true|false>
Note: This setting must be used in conjunction with the --enable-audit-conf,
--turn-bin-mode-off, and --rtmport settings.
If you did not configure AIXaudit configuration during the TEAgent installation process, run
the following script from the command line of the AIXAgent system:
<te_root>/sup/rtm/teauditconfig
If either binmode or streammode are on, you will be prompted to either leave them on or turn
them off. Tripwire recommends turning these off, unless they are required for non-TE OS
auditing.
If you uninstall the Agent or want to disable real-time monitoring, you should restore the
modified audit configuration files using the backup copies.
3. Use commands like the following to restore the bincmds, config, and streamcmds files:
a. mv bincmds bincmds.tw
b. mv bincmds.<datestamp> bincmds
Tripwire Enterprise 8.3 Installation & Maintenance Guide 64 Chapter 2. Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent on Apple OS X
The OS X version of the Tripwire Enterprise Agent installer is available in two forms:
Note Java Runtime Environment (JRE) version 1.6.0_37 or later must be installed on an
OS Xsystem before TE Agent can be installed. For information on installing a JRE,
see your OS Xsystem documentation or contact Apple Support.
For a download installation, expand the download file to a directory on the local drive.
3. For the command-line installer, use the following command to launch the installer:
./te_agent.bin
For the GUI installer, double-click on the te_agent.dmg file to open it, then double-click
the Tripwire Enterprise Agent.app file.
With either installation method, the software is installed to
/usr/local/tripwire/te/agent and this location cannot be changed.
Note If you install the Event Generator, you can monitor the Agent system in real
time. For more details, see How Does an Event Generator Collect Audit
Events? in the Tripwire Enterprise User Guide.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 65 Chapter 2. Installing Tripwire Enterprise Agent
5. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 66 Chapter 2. Installing Tripwire Enterprise Agent
Silent Installation for OS X
Notes Java Runtime Environment (JRE) version 1.6.0_37 or later must be installed on an
OS Xsystem before TE Agent can be installed. For information on installing a
JRE, see your OS Xsystem documentation or contact Apple Support.
By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-
User License Agreement on page 56.
For a download installation, expand the download file to a directory on the local drive.
3. Use the following command to launch the installer:
./te_agent.bin --eula accept --silent --server-host <server_host>
--server-port <server_port> --passphrase <services_password>
For descriptions of command-line components, see Table 15 on the next page. The
software is installed to /usr/local/tripwire/te/agent and this cannot be changed.
By default, the installer also installs an Event Generator that uses port 1169 to
communicate with Tripwire Enterprise Agent. To specify a different port, add:
--install-rtm true --rtmport <EG_port>
4. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 67 Chapter 2. Installing Tripwire Enterprise Agent
Table 15. Command-line components for OS X silent installations
Command-line
Component Description
--http-port (Optional) If you enable FIPSmode for the Agent with --enable-fips, you must
<http_port> include this option to specify the HTTP port on your TE Server (8080 by default).
--install-rtm (Optional) By default, the installer installs an Event Generator that communicates
with Tripwire Enterprise Agent via port 1169. To use a different port, enter this
[true|false]
option with a value of true, and specify the port with the --rtmport option.
To prevent the installation of an Event Generator, enter this option with a value of
false.
Note: If you enter false, you can always install the Event Generator at a later time
(see Managing the Event Generator Service on page 118).
--passphrase The same Services Password entered when Tripwire Enterprise Console was
installed.
<services_
password>
--proxy-port (Optional) The number of the port on a Tripwire Enterprise proxy with which TE will
communicate with the proxy.
<proxy_port>
Note: For more information about proxies, see Configuring a Tripwire Enterprise
Proxy for Agent Communication on page 102.
--rtmport (Optional) If you enter a --install-rtm option, you can use this option to
<EG_port> specify a non-default port for communications between the Event Generator and
Tripwire Enterprise Agent. (The default port is 1169.)
--server-port The number of the services port on your Tripwire Enterprise Server (9898 by
default).
<server_port>
Note: You specified the services port when you installed Tripwire Enterprise
Console software on your Tripwire Enterprise Server. The TE Server communicates
with all Agents via the services port.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 68 Chapter 2. Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent on HP-UX
The HP-UX version of the Tripwire Enterprise Agent installer is a native SD-UX package
(.depot) named te_agent.depot.
where <depot_file_path> is the absolute path to the depot file on your Tripwire
Enterprise installation DVD (or in your download archive).
To install the software in a different directory, replace TWeagent with the following value:
TWeagent:<installation_directory>/
Note If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 69 Chapter 2. Installing Tripwire Enterprise Agent
5. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
6. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 70 Chapter 2. Installing Tripwire Enterprise Agent
Silent Installation for HP-UX
Note By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-User
License Agreement on page 56.
To silently install Tripwire Enterprise Agent on an HP-UX system, complete the following
tasks:
To convert the depot package file (te_agent.depot) from tape format to a file system
layout format:
1. Log in to the HP-UX system with root privileges.
2. At a command prompt, enter the following command:
/usr/sbin/swcopy -s <depot_file_path>/te_agent.depot \*
where <depot_file_path> is the absolute path to the depot file on your Tripwire
Enterprise installation DVD (or in your download archive).
With an interactive installation, you provide answers to a series of questions presented by the
Tripwire Enterprise Agent installer. With a silent installation on an HP-UX system, you enter
your answers in a response file prior to installation. When you install the Agent (in Step 3.
Installing Tripwire Enterprise Agent on the next page), the installer automatically gathers the
required information from the response file.
/var/spool/sw/catalog/TWeagent/TWeagent_FILES/response
To create a response file for silent installation of Tripwire Enterprise Agent on an HP-UX
system:
1. Log in to the system with root privileges.
2. Enter the following swask command to generate the response file:
/usr/sbin/swask -s /var/spool/sw TWeagent
Tripwire Enterprise 8.3 Installation & Maintenance Guide 71 Chapter 2. Installing Tripwire Enterprise Agent
Step 3. Installing Tripwire Enterprise Agent
To install the software in a different directory, replace TWeagent with the following value:
TWeagent:<installation_directory>/
Note If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
3. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
4. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 72 Chapter 2. Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent on Linux
The Linux version of the TE Agent installer is a native RPM package. The native RPM package
and usage license are embedded in the delivered binary file (te_agent.bin). To install TE
Agent on a Linux system, see:
Notes If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
If you install an Event Generator with the Agent, you can monitor the Agent
system in real time. For more details, see How Does an Event Generator
Collect Audit Events? in the Tripwire Enterprise User Guide.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 73 Chapter 2. Installing Tripwire Enterprise Agent
6. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 74 Chapter 2. Installing Tripwire Enterprise Agent
Silent Installation for Linux
Note By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-User
License Agreement on page 56.
By default, the installer also installs an Event Generator that uses port 1169 to
communicate with Tripwire Enterprise Agent. To specify a different port, add the
following options:
--install-rtm true --rtmport <EG_port>
Note If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
4. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
5. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 75 Chapter 2. Installing Tripwire Enterprise Agent
Table 16. Command-line components for Linux silent installations
Command-line
Component Description
--http-port (Optional) If you enable FIPSmode for the Agent with --enable-fips, you must
<http_port> include this option to specify the HTTP port on your TE Server (8080 by default).
--install-rtm (Optional) By default, the installer installs an Event Generator that communicates
with Tripwire Enterprise Agent via port 1169. To use a different port, enter this
[true|false]
option with a value of true, and specify the port with the --rtmport option.
To prevent the installation of an Event Generator, enter this option with a value of
false.
Note: If you enter false, you can always install the Event Generator at a later time.
For instructions, see Managing the Event Generator Service on page 118.
--passphrase The same Services Password entered when Tripwire Enterprise Console was
installed.
<services_
password>
--proxy-port (Optional) The number of the port on a Tripwire Enterprise proxy with which TE will
communicate with the proxy.
<proxy_port>
Note: For more information about proxies, see Configuring a Tripwire Enterprise
Proxy for Agent Communication on page 102.
--rtmport <EG_ (Optional) If you enter a --install-rtm option, you can use this option to
port> specify a non-default port for communications between the Event Generator and
Tripwire Enterprise Agent. (The default port is 1169.)
--server-port The number of the services port on your Tripwire Enterprise Server (9898 by
default).
<server_port>
Note: You specified the services port when you installed Tripwire Enterprise
Console software on your Tripwire Enterprise Server. The TE Server communicates
with all Agents via the services port.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 76 Chapter 2. Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent on Solaris
The Solaris version of the Tripwire Enterprise Agent installer is a native Solaris package. The
package and usage license are embedded in the package file (te_agent.pkg).
Tip To grant a non-root user account the ability to access files and directories that
would otherwise be unreadable, add the following command:
usermod -K defaultpriv=basic,file_dac_read,
file_dac_search <username>
Where <username> is the name of the user account. For more information
about Solaris Role-Based Access Controls, see the rbac(5) and privileges(5)
Solaris man pages.
2. For a DVD installation, copy one of the following files from the Tripwire Enterprise
installation DVD to a temporary directory on the local drive.
l For SPARC: te_agent/solaris/sparc/te_agent.pkg
l For x86: te_agent/solaris/x86/te_agent.pkg
For a download installation, expand the download file to a temporary directory on the local
drive.
3. Launch the installer with one of the following commands.
If you logged in with root privileges, enter:
pkgadd -d <pkg_file_path>/te_agent.pkg TWeagent
Tripwire Enterprise 8.3 Installation & Maintenance Guide 77 Chapter 2. Installing Tripwire Enterprise Agent
5. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
6. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
7. If the Agent will use a TE Event Generator for real-time monitoring in a non-global zone,
complete the steps in Configuring the Global Event Source for Non-Global Zones (on the
next page).
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 78 Chapter 2. Installing Tripwire Enterprise Agent
Configuring the Global Event Source for Non-Global Zones
When you install TE Agent on a Solaris system's global zone, the Global Event Source is
included with the installation. If you want to run the TE Event Generator on a Solaris
system, you must configure the Global Event Source on the system's global zone. The
Global Event Source gathers operating system events and makes them available to the
Event Generator. In turn, the Event Generator forwards the events to the Agent.
On a Solaris 10 system, the SUNWzoner and SUNWzoneu packages are required to run the
TEEvent Generator. If you are using the Solaris Live Update feature, you may also want to
install the SUNWluzone package.
To enable the Global Event Source once TE Agent has been installed on a Solaris
system, run the following command on the system's global zone:
svcadm enable teges
To configure the Global Event Source, complete the following steps for each non-
global zone:
1. In the zonecfg file, edit the zone's configuration as follows:
zonecfg -z <zone_name>
Tripwire Enterprise 8.3 Installation & Maintenance Guide 79 Chapter 2. Installing Tripwire Enterprise Agent
Silent Installation for Solaris
Note By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-User
License Agreement on page 56.
To silently install Tripwire Enterprise Agent on a Solaris system, complete the following tasks:
With an interactive installation, you provide answers to a series of questions presented by the
Tripwire Enterprise Agent installer. With a silent installation on a Solaris system, you enter your
answers in a response file prior to installation. When you install the Agent (in Step 3. Adding the
Package File on page 82), the installer automatically gathers the required information from the
response file.
Tip To assign root-level, file-read privileges to a local, non-root user account, log
in with root privileges and run the following command:
usermod -K defaultpriv=basic,file_dac_read,
file_dac_search <username>
Where <username> is the name of the local user account. For more
information, see the usermod(1M) and pfexec(1) Solaris man pages.
2. For a DVD installation, copy one of the following files from the Tripwire Enterprise
installation DVD to a temporary directory on the local drive.
l For SPARC: te_agent/solaris/sparc/te_agent.pkg
l For x86: te_agent/solaris/x86/te_agent.pkg
For a download installation, expand the download file to a temporary directory on the local
drive.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 80 Chapter 2. Installing Tripwire Enterprise Agent
3. Launch the installer with one of the following commands.
If you logged in with root privileges, enter:
pkgask -d <pkg_file_path>/te_agent.pkg
-r <response_file_path>/response_file TWeagent
5. If the Agent will use a TE Event Generator for real-time monitoring in a non-global zone,
complete the steps in Configuring the Global Event Source for Non-Global Zones on page
79.
-d <pkg_file_path> The full path name of the directory to which you copied the Solaris
package file ( te_agent.pkg).
-r <response_file_path> The full path name of the directory in which the response file
( response_file) will be created.
An admin file defines how the pkgadd utility installs packages on a Solaris system. To silently
install Tripwire Enterprise Agent on a Solaris system, you must create a customized copy of the
systems default admin file.
2. Copy the default admin file to another local directory. Name the new file admin_file.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 81 Chapter 2. Installing Tripwire Enterprise Agent
3. Edit admin_file to match the following content:
#ident "@(#)default 1.4 92/12/23 SMI" /* SVr4.0 1.5.2.1 */
mail=
instance=overwrite
partial=ask
runlevel=ask
idepend=ask
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=nocheck
basedir=default
1. To add the Solaris package file (te_agent.pkg), enter one of the following commands at a
command prompt on the Solaris system.
If you created the response file with root privileges (see Step 1. Creating a Response
File on page 80), enter:
pkgadd -n -r <response_file_path>/response_file
-a <admin_file_path>/admin_file -d <pkg_file_path>/te_agent.pkg TWeagent
If you created the response file with a local user account, enter:
/usr/bin/pfexec /usr/sbin/pkgadd -d <pkg_file_path>/te_agent.pkg
-r <response_file_path>/response_file TWeagent
3. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
-a <admin_file_path> The full path name of the directory containing the admin file
( admin_file).
-d <pkg_file_path> The full path name of the directory containing the package file
( te_agent.pkg).
-r <response_file_path> The full path name of the directory containing the response file
( response_file).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 82 Chapter 2. Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent on Windows
The Windows Tripwire Enterprise Agent installer uses Microsoft Windows Installer (.msi)
technology to implement a native installer package, a single file package named te_agent.msi.
3. For a DVD installation, navigate to the appropriate directory for your platform:
For 32-bit: \te_agent\windows\i386
For 64-bit: \te_agent\windows\x86_64
For a download installation, expand the appropriate zip file (32-bit or 64-bit) to a
temporary directory on the local drive.
4. Launch the installer by executing the te_agent.msi file. Follow the on-screen instructions
to complete the installer.
Note If you install the Event Generator, you can monitor the Agent system in real
time. For more details, see How Does an Event Generator Collect Audit
Events? in the Tripwire Enterprise User Guide.
5. If you did not select the Start Agent after installation check box in the installer,
complete the steps in Managing the Tripwire Enterprise Agent Service on page 116.
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 83 Chapter 2. Installing Tripwire Enterprise Agent
Silent Installation for Windows
Note By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-User
License Agreement on page 56.
Note If you plan to start the Agent manually after installation and set
START_AGENT=false in step 2, you can create the tag file as described above
after running the installer.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 84 Chapter 2. Installing Tripwire Enterprise Agent
Table 19. Command-line components for Windows silent installations
Command-line
Component Description
ACCEPT_EULA= If you agree to the terms of the Tripwire EULA, enter true. If you do not
[true|false] agree to the terms, you cannot install Tripwire Enterprise Agent.
Note: If you enter false, you can always install the Event Generator at a
later time (see Managing the Event Generator Service on page 118).
RTMPORT= (Optional) If you install an Event Generator (EG) with the INSTALL_RTM
<Event_Generator_port> command, the EG communicates with the Agent via port 1169 by
default. To use a different port, enter the port number here.
SERVICES_PASSWORD= The same Services Password entered when Tripwire Enterprise Console
was installed.
<services_password>
If you enter false, you will need to start the Agent following installation
(see Managing the Tripwire Enterprise Agent Service on page 116).
TE_PROXY_PORT= (Optional) The number of the port on a Tripwire Enterprise proxy with
which TE will communicate with the proxy.
<te_proxy_port>
Note: For more information about proxies, see Configuring a Tripwire
Enterprise Proxy for Agent Communication on page 102.
TE_SERVER_HTTP_PORT= (Optional) If you enable FIPSmode for the Agent with INSTALL_FIPS,
<http_port> you must include this option to specify the HTTP port on your TE Server
(8080 by default).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 85 Chapter 2. Installing Tripwire Enterprise Agent
Command-line
Component Description
TE_SERVER_PORT= (Optional) The number of the services port on your Tripwire Enterprise
Server (9898 by default).
<server_port>
Note: You specified the services port when you installed Tripwire
Enterprise Console. The Tripwire Enterprise Server communicates with all
Agents via the services port.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 86 Chapter 2. Installing Tripwire Enterprise Agent
Using Tag Files to Assign Tags to New Agents
Starting with Tripwire Enterprise 8.3.7, tag files can be deployed with new TEAgent
installations to simplify onboarding of new systems. A tag file is a text file on an Agent system
that specifies tags to be assigned to the asset the first time it is added to a TEConsole.
Tag files can be useful when automatic tagging profiles alone are not sufficient to tag assets, for
example in cases when different assets share the same IP address or hostname.
Note For more information on tags, tagging profiles, and how they can be used in TE, see
Getting Started with Tags in the Tripwire Enterprise User Guide.
l Specific instructions for deploying tag files on each platform are in the TEAgent
installation procedures in Chapter 2: Installing Tripwire Enterprise Agent (on page 55).
l Tag files must be named agent.tags.conf, and must be located in the Agent system's
<te_root>/agent/data/config directory. The format for a tag file is specified in Tag
File Format (below).
l A tag file must be present before the Agent has started for the first time, and the tags in
the file are only assigned the first time the asset is added to a TE Console. Subsequent
restarts will not add tags or modify the tags already assigned.
l Tags in a tag file are added in addition to the system tags (Operating System, Status,
etc.) that are automatically assigned when an asset is added to TEConsole.
l Tags and tag sets used in the tag file must already exist within a TE Console when the
asset is added. If new tags or tag sets are included in a tag file, no tags in the file will be
assigned, and the Console will generate an error.
l Only user-created tags and tag sets can be added using a tag file. If system tag sets or
operational tag sets are included in a tag file, they will be ignored.
l If an asset's tag file contains errors when it is added to TEConsole, the asset is tagged
with a Health:Uncategorized Error tag. In addition, an error message with the category
Asset View Change will be added to the Log Manager and teserver.log file.
<tag_set_name>:<tag>
For example:
Purpose:Application
Importance:Critical
Policy:CIS
Tripwire Enterprise 8.3 Installation & Maintenance Guide 87 Chapter 2. Installing Tripwire Enterprise Agent
Comments can be included in the tag file if they are preceded by a # character. For example:
Special characters can be used in tag sets and tag names, but the : and # characters must be
escaped with the \ character if they are used. White space will be ignored in the tag set and tag
declaration. For example:
# White Space
Purpose: Application
# Hash Tag
\#HashTagSet:Hash\#Tag
# Colon
\:ColonTagSet:Colon\:Tag
Tripwire Enterprise 8.3 Installation & Maintenance Guide 88 Chapter 2. Installing Tripwire Enterprise Agent
Upgrading Tripwire Enterprise Agents
To upgrade a Tripwire Enterprise Agent, complete the following steps:
During an upgrade, Tripwire Enterprise will install either the 32-bit or 64-bit Tripwire Agent
software, matched to the operating system of the Agent system. If you want to upgrade 32-bit
Agent software on a 64-bit operating system, you must manually uninstall and re-install the
Agent software.
Note You cannot use this procedure to upgrade an Agent on a platform that is not
supported by the current version of Tripwire Enterprise. For a complete list of
supported platforms for the current TE release, see:
http://www.tripwire.com/register/
tripwire-enterprise-platform-and-device-support
If you upgrade an Agent running a platform that supports Event Generators (see Supported
Platforms on page 59), Tripwire Enterprise also:
You can override this default behavior for Windows Agents by uploading a properties file (in the
procedure below)containing one or both of the following lines:
install_rtm=false
rtm_port=<port_number>
Where:
Notes When upgrading an Agent on a Solaris 10 system, the install_rtm option cannot
be used to prevent the installation of an Event Generator. An Event Generator is
always installed.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 89 Chapter 2. Installing Tripwire Enterprise Agent
Step 1. Install Agent Update Packs
To upgrade Tripwire Enterprise Agent, you must first install Agent update packs on your
Tripwire Enterprise Server.
To install Agent update packs on a UNIX or Linux TE Server, log in as a privileged user
and run the following commands:
1. To create a local directory for the Agent update packs, enter:
mkdir /usr/local/tripwire/te/server/lib/updaters
chown tripwire:tripwire /usr/local/tripwire/te/server/lib/updaters
2. To copy the Agent update pack directory from your Tripwire Enterprise installation DVD
(or Web download) to the Tripwire Enterprise Console installation directory, enter:
cp -r updaters/* /usr/local/tripwire/te/server/lib/updaters
Note Do not unzip the files. The installer will unzip the files automatically at a
later point.
4. To configure the user permissions for all contents of the Agent update pack directory,
enter:
chmod 0444 *
chown tripwire:tripwire *
2. Copy all zip files from the Agent update pack directory (updaters) on your Tripwire
Enterprise installation DVD (or Web download) to the new updaters directory on the TE
Server.
Note Do not unzip the files. The installer will unzip the files automatically at a
later point.
3. To configure the user permissions for the updaters directory on the TE Server:
a. In Windows Explorer, right-click the directory and select Properties.
b. In the Properties dialog, clear (disable) the read-only attribute and verify that the
Administrators user group has the Full Control permission.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 90 Chapter 2. Installing Tripwire Enterprise Agent
Step 2. Upgrade Tripwire Enterprise Agent Software
Notes When upgrading an Agent on a Solaris system, the procedure in this section does
not allow you to change the user account with which the Agent is running. For
more information, see Installing Tripwire Enterprise Agent on Solaris on page 77.
To upgrade an Agent on a Solaris system, the upgrade must run as the root user,
and root must be added as an authorized user to the at.allow file. If you edit this
file, you may need to create a policy waiver for some Tripwire-published policies.
To upgrade Tripwire Enterprise Agent software on one or more Agent systems, complete
the following steps in the Tripwire Enterprise interface:
1. In the Manager bar, click NODES.
2. In the tree pane, select the node group that contains the Agent nodes for the systems to be
upgraded.
3. To upgrade specific Agents, select the check box of each Agent node (or node group) in
the main pane.
To upgrade all Agents displayed in the selected node group, do not select any check
boxes.
Tip If an error occurs, Tripwire Enterprise will generate an Error message in the
Log Manager. To begin troubleshooting, review the Error message.
8. For AIXsystems only, perform the following steps to enable real-time and Event
Generator functionality:
a. Log into the AIX box with root privileges.
b. Run <te root>/sup/rtm/teauditconfig.
c. Start GES (startsrc -s teges).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 91 Chapter 2. Installing Tripwire Enterprise Agent
Uninstalling Tripwire Enterprise Agent
To uninstall Tripwire Enterprise Agent:
1. Log in to the system with root or Administrator privileges.
2. At a command prompt, enter the appropriate command.
UNIX and OSX: <te_root>/bin/uninstall.sh [--removeall] [--force]
Windows: <te_root>\bin\uninstall.cmd [--removeall] [--force]
For descriptions of command options, see Table 20.
Note On a Windows system, Tripwire Enterprise can also be removed with the
Add/Remove Programs feature in the Control Panel.
3. For AIXsystems only, restore the AIXaudit configuration files. For more information,
see Restoring Audit Configuration Files on page 64.
Options Description
--force If you enter the --removeall option, this option removes the files and directories
without presenting any confirmation prompts.
--removeall Removes all files and directories contained in the Tripwire Enterprise installation
directory ( <te_root>). If you omit this option from the command, the uninstaller will
retain some of the installation directorys contents, including some Tripwire Enterprise
configuration files and temporary data.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 92 Chapter 2. Installing Tripwire Enterprise Agent
Chapter 3.
Logging In
Login Overview
Following installation of Tripwire Enterprise Console, you can access Tripwire Enterprise from
any machine that has a supported Web browser and network access to your Tripwire Enterprise
Server. For a list of supported Web browsers, see Supported Web Browsers for Tripwire
Enterprise on page 23.
The initial login procedure depends upon which method was used to install Tripwire Enterprise
Console:
l If you installed Tripwire Enterprise Console for the first time (no upgrade from a previous
version), see Logging In to a New Tripwire Enterprise Installation on the next page.
l If you upgraded from Tripwire Enterprise/Server, see Logging In to an Upgraded Tripwire
Enterprise Installation on page 96.
Note If you experience problems logging in to the software, contact Tripwire Technical
Support for assistance.
where:
<TE_Server_hostname> is the hostname or IP address of your TE Server, and
<port> is the Web Services port number entered when TE Console was installed.
For example:
https://watchdog.example.com:443
3. Enter the services passphrase, then change the default passphrase for the TE
administrator user account. TEConsole will restart.
5. Use the Fast Track interface to configure Tripwire Enterprise and create a personal user
account. At the end of Fast Track, you will be logged in to TEusing this account.
Next To begin using the software, see the Tripwire Enterprise User Guide. A PDF
version is available in the docs directory on the Tripwire Enterprise installation
DVD. You can also view User Guide content in the online help, which can be
accessed by clicking Help in any Tripwire Enterprise Manager.
For more information about configuring and maintaining your Tripwire Enterprise
implementation, see:
where:
<TE_Server_hostname> is the hostname or IP address of your TE Server, and
<port> is the Web Services port number.
For example:
https://watchdog.example.com:443
Note The hostname and port number were entered when you originally installed
Tripwire Enterprise Console.
4. Your browser may display a security alert about the softwares security certificate. To
proceed, accept the certificate.
5. If you have not changed the default password for the administrator user account, you
must enter the services passphrase and then enter a new passphrase for the
administrator account. After entering a new passphrase, TEConsole will restart.
6. In the login dialog, log in with the username and password for any previous Tripwire
Enterprise user account.
Note By default, Tripwire Enterprise displays times and dates in United States
English format. In the Locale drop-down, each locale is listed twice: once in
the native language of the locale, and once in the language specified by the
locale of the local machine.
To display times and dates in a different locale, change the locale setting
when you log into the software. (If you select a Japanese locale, Tripwire
Enterprise also displays Japanese text in the user interface.)
Next If your previous Tripwire Enterprise implementation included policy tests, and you
want to import the latest policy files from the Tripwire Web site, see What are Pre-
Configured Rules and Policies? in the Tripwire Enterprise User Guide.
For more information about configuring and maintaining your Tripwire Enterprise
implementation, see:
Note A DNS server is not required for a Tripwire Enterprise (TE) implementation in a
NAT environment. However, if your environment does use DNS, be sure that each
TE system outside of the NAT resolves the systems hostname to the NAT servers
IP address. In other words, the TE system inside the NAT must resolve the
hostname to itself.
For example:
10.0.0.1internal.mycompany.cominternal
Tripwire Enterprise 8.3 Installation & Maintenance Guide 99 Chapter 4. Post-Installation Configuration
Table 21. Variables involved in NAT configuration
Variable Description
<TE_system_IP_ The IP address of the TE system inside the NAT (either a TE Server or
TE Agent).
address>
<TE_system_FQDN> The fully-qualified domain name of the TE system inside the NAT.
For example:
100.3.2.1internal.mycompany.cominternal
4. On a TE Agent system inside the NAT, configure the systems configuration file:
a. Open the agent.properties file. By default, this file is stored in:
<TE_root>/data/config/
For example:
java.rmi.server.hostname=internal.mycompany.com
5. Restart the TE service on the system inside the NAT. For instructions, see:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 100 Chapter 4. Post-Installation Configuration
Configuring a Tripwire Enterprise Agent for Use on a Multi-NIC
System
A Tripwire Enterprise Server can communicate with Agents via a network interface card (NIC)
other than the primary/default interface.
where
<NIC_IP_address> is the IP address that the Agent will listen on. If not specified, the
Agent will listen on any local IPaddress
and
<NIC_FQDN> is the fully-qualified domain name of the NIC used by the TE Server for
connections to the Agent.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 101 Chapter 4. Post-Installation Configuration
Configuring a Tripwire Enterprise Proxy for Agent
Communication
A Tripwire Enterprise (TE) proxy is an Agent system that enables your TE Server to
communicate with other Agent systems on the other side of a firewall. If you create and
configure a TE proxy, all communications between your TE Server and specified Agents will
pass through the proxy, thereby bypassing the firewall.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 102 Chapter 4. Post-Installation Configuration
2. If the proxy has multiple NICs, and the Agents and TE Server are on different subnets, set
the following property to inform the TE Server of the IP addresses used by the Agents to
communicate with the proxy:
tw.proxy.nicMap = <server1_proxy>:<agent1_proxy>,<agent2_proxy>, ...
where:
<server1_proxy> is the IP address used by the TE Server to communicate with the proxy,
<agent1_proxy> is the IP address used by the first Agent to communicate with the proxy,
and
<agent2_proxy> is the IP address used by the second Agent to communicate with the
proxy.
To configure multiple proxies, insert a bar (|) between the addresses for each proxy. For
example:
tw.proxy.nicMap = <server1_proxy>:<agent1_proxy>,<agent2_proxy> | \
<server2_proxy>:<agent3_proxy>,<agent4_proxy>
\ is a line-continuation character.
3. Restart the TE Console service (see Managing Tripwire Enterprise Console Services on
page 115).
4. Enter (or confirm) the value of each property listed in Table 22 on the next page.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 103 Chapter 4. Post-Installation Configuration
Table 22. Properties for the TE proxy system
Property Description
java.rmi.server.hostname The fully-qualified domain name of the NIC used by the TE Server for
connections to the Agent.
tw.proxy.serverPort The port on the TE proxy that will receive proxy requests from TE
Agents and the TE Server (default = 1080).
tw.rpc.interfaceAddr If your TE proxy is multi-NIC with multiple domain names, enter the
domain name or IP address of the proxy system with this property.
webserver.http.port If your TE Server is using a port other than 8080 to download JAR files
to Agent systems, enter the port that is in use by the TE Server.
2. For the tw.proxy.host property, enter the IP address or FQDN of the TE proxy.
3. If you entered a non-default port for the tw.proxy.serverPort on the TE proxy (see Table
22 above), enter the same port number for the tw.proxy.port property.
4. Make sure that the tw.server.host property uses the correct IPaddress or FQDN.
To configure an Agent system at the time of installation, complete the appropriate installation
procedure in Chapter 2: Installing Tripwire Enterprise Agent (on page 55).
l To launch the installer for a silent installation on an AIX or Linux system, the installer-
launch command must also include the command-line components defined in Table 23 on
the next page.
l In the installers TE Server Hostname field, enter the FQDN or IP address you specified
in Step 1. Configuring Your Tripwire Enterprise Server (on page 102).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 104 Chapter 4. Post-Installation Configuration
Table 23. Additional command-line components for silent installations of AIX,
Linux, and Windows Agents
--proxy-host <proxy_host>
(Optional) To specify the port for connections to the TE proxy, enter:
--proxy-port <proxy_port>
Windows To specify the FQDN or IP address of the TE proxy, enter:
TE_PROXY_HOSTNAME=<host>
(Optional) To specify the port for connections to the TE proxy, enter:
TE_PROXY_PORT=<port>
Tripwire Enterprise 8.3 Installation & Maintenance Guide 105 Chapter 4. Post-Installation Configuration
Chapter 5.
Maintenance Procedures
Maintenance of Tripwire Enterprise
To configure Tripwire Enterprise, see the Tripwire Enterprise User Guide. Following
configuration, your Tripwire Enterprise Administrator should regularly complete the procedures
listed in Table 24 to maintain the integrity and operational efficiency of your Tripwire Enterprise
implementation. Table 24 briefly describes each of these tasks and identifies the frequency with
which each procedure should be completed.
Complete
this
procedure
Procedure ... Description
Archiving log ... at least Created by default when Tripwire Enterprise is installed, the Archive
messages once per Log Messages Task exports specified log messages to an XML file. For
week instructions on running and scheduling this task, see How Does the
Archive Log Messages Task Work? in the Tripwire Enterprise User
Guide.
Backing up ... once per To create backup files for your Tripwire Enterprise configuration files
Tripwire day (after all and database, see Backing Up Tripwire Enterprise Data on the next
Enterprise of the days page.
data report tasks
have run)
Regenerating ... at least To optimize system efficiency and speed, update the indices for your
database once per Tripwire Enterprise Console database by running the regeneration
indices month* utility. For instructions, see Recalculating Database-Index Statistics on
page 123.
* Any time you delete a large number of elements, nodes, and/or rules, you should regenerate your
database indices.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 107 Chapter 5. Maintenance Procedures
Backing Up and Restoring Tripwire Enterprise Data
To create backup files, enter the following command at a command prompt on your
Tripwire Enterprise Server:
tetool backup --passphrase <passphrase> <config_file> <data_file>
To specify the maximum size of each backup file, you may also add the following option with
the --split command:
--split <file_size>
To verify the integrity of newly created backup files, Tripwire recommends that you
use the files to restore your data on a test system (see Restoring Tripwire Enterprise
Data on page 110).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 108 Chapter 5. Maintenance Procedures
Table 25. Backup command line variables
Variable Description
<passphrase> In a single-system installation, the passphrase is the Services Password entered when
you first installed Tripwire Enterprise Console.
In a distributed installation, the passphrase is the passphrase for your remote database.
For example, if you enter config.bak as the file name, tetool would assign the
following names to the backup files:
<data_file> The name of your data backup files. This variable is subject to the same guidelines as
the <config_file> variable (see above).
Note: You can only create data backup files if your Tripwire Enterprise Console
database is a MySQL database.
<file_size> (Optional) The maximum size of each backup file. For example, if your Tripwire
Enterprise data totals 7GB, and you enter 3GB as the file size, tetool will create three
data backup files; two 3GB files, and one 1GB file.
When entering the file size, use the --split command with the following
abbreviations:
l G or g = gigabytes
l M or m = megabytes
l K or k = kilobytes
For example, --split=640M or --split=640m.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 109 Chapter 5. Maintenance Procedures
Restoring Tripwire Enterprise Data
If you have created backup files for your Tripwire Enterprise data (see Backing Up Tripwire
Enterprise Data on page 108), the tetool utility can quickly restore your Tripwire Enterprise
Console configuration files and database in the event of:
l Human errors
l Malicious actions
l Natural disasters
l Data corruption
l System crashes
To restore your Tripwire Enterprise Console data, complete the following steps:
Step 1. Import Backup Files to the Tripwire Enterprise Server and Database (below)
Step 2. Restart Tripwire Enterprise Agents (on page 112)
Note If your Tripwire Enterprise Console database is not a MySQL database, the tetool
utility can only restore your Tripwire Enterprise Console configuration files. To
restore your Tripwire Enterprise data, refer to the documentation provided by the
database vendor.
Step 1. Import Backup Files to the Tripwire Enterprise Server and Database
Note For command-line variable definitions and guidelines, see Table 26 on the
next page.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 110 Chapter 5. Maintenance Procedures
2. To import the backup files, enter:
tetool restore --passphrase <passphrase> <config_file> <data_file>
Caution To restore a Tripwire Enterprise Server with a hostname that differs from
the hostname of the server on which the backup files were created, you
must add the --safe option to the command. Otherwise, the restored
system may suffer unrecoverable errors on startup. (With the --safe
option, Tripwire Enterprise only restores essential files.)
3. To restart the Tripwire Enterprise Console services, enter the appropriate command.
Solaris 10:svcadm enable teserver teagent
All other UNIX: /etc/init.d/twservices start
Windows: <te_root>\bin\twservices start
Next Proceed to Step 2. Restart Tripwire Enterprise Agents (on the next page).
Variable Definition
<passphrase> In a single-system installation, the passphrase is the Services Password entered when
you first installed Tripwire Enterprise Console.
In a distributed installation, the passphrase is the passphrase for your remote database.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 111 Chapter 5. Maintenance Procedures
Step 2. Restart Tripwire Enterprise Agents
Once your backup files have been imported (Step 1. Import Backup Files to the Tripwire
Enterprise Server and Database on page 110), all Tripwire Enterprise Agents must be restarted
and refreshed. Data refresh synchronizes the local Agent databases with your Tripwire
Enterprise Console database.
Caution When you restart an Agent that has an Event Generator, the Agent discards any
pooled audit events and/or change versions.
Next To update Tripwire Enterprise with the current state of the restarted Agents, run a
version check on the Agent systems. For instructions, see Version Checking
Monitored Systems in the Tripwire Enterprise User Guide.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 112 Chapter 5. Maintenance Procedures
Changing the Tripwire Enterprise Services and Database
Passphrases
The services passphrase must be between 6 and 64 characters. Most ASCII printable characters
are allowed, with a few exceptions:
l Alphanumeric characters (a-z, A-Z, 0-9), the space character (ASCII decimal 32), and
most punctuation characters (_-`~!@#$%^&*(),.+=[]{}|/?:;) are allowed.
l The single-quote ('), double-quote ("), less-than (<), greater-than (>), and backslash (\)
characters are not allowed.
4. Restart the TEAgent services oneach Agent system, as described in Managing the
Tripwire Enterprise Agent Service on page 116.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 113 Chapter 5. Maintenance Procedures
Changing the TEDatabase Passphrase
The database passphrase secures communication between the Tripwire Enterprise Console and
a remote database. The database passphrase is first specified when the remote database is
initially created. In order to change the database passphrase, you must execute commands on
both the system where the TE Console is installed, and on the system where the database is
installed.
The database passphrase must be between 6 and 64 characters. Most ASCII printable characters
are allowed, with a few exceptions:
l Alphanumeric characters (a-z, A-Z, 0-9), the space character (ASCII decimal 32), and
most punctuation (_-`~!@#$%^&*(),.+=[]{}|/?:;) are allowed.
l The single-quote ('), double-quote ("), less-than (<), greater-than (>), and backslash (\)
characters are not allowed.
Make sure that new_database_passphrase exactly matches the passphrase you specified
for the remote database.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 114 Chapter 5. Maintenance Procedures
Managing Tripwire Enterprise Services
Notes You can also start, stop, or check Tripwire Enterprise Console services from the
Windows Start menu on your TE Server.
Function Commands
Start On a Windows system: "<te_root>\bin\twservices" start
Note: These commands verify that Tripwire Enterprise Console services are running.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 115 Chapter 5. Maintenance Procedures
Managing the Tripwire Enterprise Agent Service
The Tripwire Enterprise Agent service is a process that runs on a monitored file server. The
Agent service collects change data for the file server, and reports this data to the Tripwire
Enterprise Server.
When an Agent is installed on a file server, the Agent service runs continually by default. To
start, stop, or check the Tripwire Enterprise Agent service, enter the appropriate command(s) at
a command prompt on the Agent host system (see Table 28 below).
Notes On Windows systems, you can also start, stop, or check Agent services from the
Windows Start menu on the Agent host system.
On OS Xsystems, you can also start or stop Agent services from the Applications
> Utilities >Services section of the UI on the Agent host system.
Function Commands
Start On an AIXsystem, run these commands to start the Agent and its services:
startsrc -s teges
startsrc -s teeg
startsrc -s teagent
Stop On an AIXsystem, run these commands to stop the Agent and its services:
stopsrc -s teagent
stopsrc -s teeg
stopsrc -s teges
Tripwire Enterprise 8.3 Installation & Maintenance Guide 116 Chapter 5. Maintenance Procedures
Function Commands
Check On an AIX 5.3 or higher system: $ lssrc a
Note: These commands verify that Tripwire Enterprise Agent services are running. For
Solaris 10, the command generates a list of active subsystems or services. If 'teagent'
appears in the list with the state 'online' for Solaris 10, the Agent is running.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 117 Chapter 5. Maintenance Procedures
Managing the Event Generator Service
When Tripwire Enterprise Console or Tripwire Enterprise Agent software is installed on a
supported Windows or Linux system, you have the option of installing an Event Generator at the
same time. If you forego this option, you can always install an Event Generator at a later time.
If you install an Event Generator, Tripwire Enterprise can monitor the host system in real time,
as well as collect audit events from the systems security log. For a complete list of operating
systems on which the Event Generator can be installed, see the Tripwire Web site:
http://www.tripwire.com/register/tripwire-enterprise-platform-and-device-support
To install, uninstall, start, stop, or check the status of an Event Generator, enter the appropriate
command at a command prompt on the host system (see Table 29 on the next page).
Notes To resume the collection of audit events following a restart of an Event Generator
on an Agent system, you must restart and refresh the Agent. For instructions, see
Step 2. Restart Tripwire Enterprise Agents on page 112.
On OS Xsystems, you can also start and stop the Event Generator service from
the Applications > Utilities >Services section of the UI on the Agent host
system.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 118 Chapter 5. Maintenance Procedures
Table 29. Commands for Event Generators
Function Commands
Install On a Linux TE Server or Agent: <te_root>/bin/twrtmd installrtm
startsrc -s teges
startsrc -s teeg
Note: These commands verify that the Event Generator is running. For Solaris 10, if ' teeg'
appears in the list with the state 'online,' the Event Generator is running.
stopsrc -s teges
stopsrc -s teeg
Note: The Linux command removes the Event Generator daemon and activates bypass
mode for the kernel module. To permanently remove the kernel module, re-boot the system.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 119 Chapter 5. Maintenance Procedures
Managing TE Services with the Solaris Service Management Facility
A feature of some Solaris operating systems, the Service Management Facility (SMF) simplifies
the management of hosted services. If a Tripwire Enterprise Agent is installed on a Solaris
system with the SMF, you can control the following TE services from the system's command
line (see Table 30 below):
Table 30. Commands to manage TE services with the Solaris Service Management Facility
Function Commands
Start To start one or more TE services, enter:
Tripwire Enterprise 8.3 Installation & Maintenance Guide 120 Chapter 5. Maintenance Procedures
Managing the Tripwire Enterprise Console Database
l The Archive Log Messages Task archives all Tripwire Enterprise log messages that
exceed a specified age or number. For more information, see How Does the Archive Log
Messages Task Work? in the Tripwire Enterprise User Guide.
l The Compact Element Versions Task removes all content and attributes from element
versions that exceed a specified age or number. For more information, see How Does the
Compact Element Versions Task Work? in the Tripwire Enterprise User Guide.
Each of these tasks reduces the quantity of data stored in your Tripwire Enterprise Console
database (unless the database is a MySQL database).
A database index is a data structure that improves the speed of operations in a database table.
Like the index of a book, a database index contains entries that reference specific information in
the database. A query optimizer is a database component that uses database-index statistics to
determine the most efficient way to execute a query.
To optimize system efficiency and speed, you should recalculate the database-index
statistics for your Tripwire Enterprise Console database on a weekly basis. To recalculate
statistics, Tripwire Enterprise refreshes the database indices with the latest information in the
Tripwire Enterprise Console database. For instructions, see Recalculating Database-Index
Statistics on page 123.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 121 Chapter 5. Maintenance Procedures
Starting and Stopping a MySQL TE Console Database
To start or stop a MySQL Tripwire Enterprise Console database, enter the appropriate command
at a command prompt on the database host system (see Table 31 below). The host system is
either your TE Server or a remote database server.
Caution Before stopping the database, you must first stop the TE Console services. For
instructions, see Managing Tripwire Enterprise Console Services on page 115.
Function Commands
Start On a Windows system: "\bin\twdatabase" start
Notes:
1. You can also start and stop the database from the Windows Start menu on the database host
system.
2. <te_root> is the installation directory for TE Console software on the database host system.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 122 Chapter 5. Maintenance Procedures
Recalculating Database-Index Statistics
For an introduction to database indices, see About Database Maintenance on page 121.
Caution Recalculating database-index statistics may take several hours, depending on the
size of the database. No user activity will be possible during this time, and you
should ensure that no tasks are scheduled to run at this time.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 123 Chapter 5. Maintenance Procedures
Configuring FIPS Mode
The Federal Information Processing Standardization (FIPS) 140-2 standard specifies
USgovernment requirements for cryptography modules. This topic explains how to enable FIPS
mode on your Tripwire Enterprise Server and Agents.
l If FIPS mode is enabled on both your TE Server and a TE Agent, all communications
between the two systems will be encrypted in compliance with the specifications of FIPS
140-2.
l If FIPS mode is enabled on your TEServer, but disabled on an Agent, the two systems
will be unable to communicate.
l If FIPS mode is disabled on your TE Server, all communication with Agents will be
conducted without FIPS compliance.
Caution Once FIPSmode is enabled, it cannot be disabled. You should ensure that the
use of FIPSmode is the best approach for your environment before enabling it.
In this step, you will enable FIPS mode on your TEAgents. If you do not enable FIPS mode on
an Agent, your TEServer will no longer monitor the Agent when you enable FIPS mode on the
server (Step 2. Enabling FIPS Mode on your Tripwire Enterprise Server on the next page).
To enable FIPS mode on your TE Agents, run the following commands at a command
prompt on each Agent system:
1. Stop the Tripwire Enterprise Agent services by running the appropriate command for the
Agent's platform (see Table 28 on page 116).
2. To enable FIPS mode, enter:
"<te_root>\bin\tetool" fips --enable
Tripwire Enterprise 8.3 Installation & Maintenance Guide 124 Chapter 5. Maintenance Procedures
Step 2. Enabling FIPS Mode on your Tripwire Enterprise Server
To enable FIPS mode on your TE Server, run the following commands at a command
prompt on the TE Server:
1. Stop the Tripwire Enterprise Console services by running the appropriate command for the
server's platform (see Table 27 on page 115).
2. To enable FIPS mode, enter:
"<te_root>\bin\tetool" fips --enable
Tip To run a report that identifies the TE Agents on which FIPS mode has been enabled,
run the following command:
0 indicates an Agent that has yet to register itself with your TEServer.
1 indicates an Agent without FIPS mode enabled.
2 indicates an Agent with FIPS mode enabled.
3 indicates that FIPS mode has also been enabled on your TE Server, and the
Agent and TE Server have successfully connected in FIPS mode.
To complete the configuration of FIPS mode, you must run the restart command on each FIPS-
enabled Agent system. For appropriate formats, (see Table 28 on page 116).
Tripwire Enterprise 8.3 Installation & Maintenance Guide 125 Chapter 5. Maintenance Procedures
Index
64-bit
Upgrading Tripwire Enterprise Console to 50
admin file
creating for Solaris Agent installation 81
Agent update packs
installing for upgrade of Tripwire Enterprise Agent 90
AIX
additional requirements for TE Agent 59
installing Tripwire Enterprise Agent on 60
interactive installation of Agent 60
restoring audit configuration files 64
silent installation of Agent 62
Apple OS X
installing Tripwire Enterprise Agent on 65
interactive installation of Agent 65
silent installation of Agent 67
backing up
Tripwire Enterprise data 108
browsers
see Web browsers 23
command lines
components for package file in silent Agent installation on Solaris 82
components for response file in silent Agent installation on Solaris 81
components for silent Agent installation on AIX 63
components for silent Agent installation on Linux 76
database-index statistics
recalculating 123
database indices
about 121
recalculating statistics for 123
database passphrase
changing 114
setting 26
disabling
tasks in upgrade of a single-system installation 42
distributed installations
defined 13
upgrading to current version of Tripwire Enterprise Console 46
Fast Track
using to configure Tripwire Enterprise 95
FIPS mode
defined 124
firewalls
configuring for use with a TE proxy 105
HP-UX
additional requirements for TE Agent 59
installing Tripwire Enterprise Agent on 69
interactive installation of Agent 69
silent installation of Agent 71
installation
additional requirements for TE Agent 59
preparation for Tripwire Enterprise Agent 57
preparation for Tripwire Enterprise Console 14
requirements for Tripwire Enterprise Agent 56
requirements for Tripwire Enterprise Console 13
upgrade overview 40
installing
a remote database 26
a remote MySQL database 27
a TE proxy 103
Agent update packs for upgrade of Tripwire Enterprise Agent 90
distributed installation of Tripwire Enterprise Console 26
Linux
additional requirements for TE Agent on RHEL 4 59
installing Tripwire Enterprise Agent on 73
interactive installation of Agent 73
silent installation of Agent 75
logging in
overview 94
to a new Tripwire Enterprise installation 95
to an upgraded Tripwire Enterprise installation 96
maintenance
of Tripwire Enterprise 107
of Tripwire Enterprise Console database 121
managing
Tripwire Enterprise Agent services 116
Tripwire Enterprise Console databases 121
Tripwire Enterprise Console services 115
Tripwire Enterprise Event Generators 118
Tripwire Enterprise services with the Solaris Service Management Facility 120
NAT
using with Tripwire Enterprise 99
Oracle RAC
using with Tripwire Enterprise 38
passphrases
changing the database passphrase 114
changing the services passphrase 113
setting the database passphrase 26
platforms
supported by Tripwire Enterprise Agent 59
supported by Tripwire Enterprise Console 21
ports
default ports for a remote database server 23
in a Tripwire Enterprise implementation 19
optional outbound ports for a Tripwire Enterprise Server 21
required for a Tripwire Enterprise Server 20
requirements for Tripwire Enterprise Agent 59
properties
for a TE proxy system 104
services
installed with Tripwire Enterprise Agent 58
installed with Tripwire Enterprise Console 16
services passphrase
changing 113
silent installation
defined 56
single-system installations
defined 13
upgrading to current version of Tripwire Enterprise Console 42
Solaris
additional requirements for TE Agent 59
configuring the Global Event Source for non-global zones 79
installing Tripwire Enterprise Agent on 77
interactive installation of Agent 77
silent installation of Agent 80
Solaris Service Management Facility
managing TE services with 120
tag files
about 87
tags
assigning to new Agents with tag files 87
tasks
disabling for upgrade of distributed installation 46
disabling for upgrade of single-system installation 42
enabling after upgrade of a distributed installation 49
enabling after upgrade of single-system installation 44
TE proxies
configuring for Agent communication 102
installing 103
properties 104
Tripwire Enterprise
about implementations 13
backing up Tripwire Enterprise data 108
logging in to a new installation 95
logging in to an upgraded installation 96
login overview 94
maintenance of 107
port configuration 19
restoring Tripwire Enterprise data 110
using with NAT 99
Tripwire Enterprise Agent
assigning tags with tag files 87
changing the services passphrase 113
configuring a TE proxy for 102
configuring for communication with a TE proxy 104
uninstalling
a remote database 54
Tripwire Enterprise Agent 92
Tripwire Enterprise Console software 52
upgrading
a remote database in a distributed installation 47
distributed installations of Tripwire Enterprise Console 46
overview for Tripwire Enterprise Console 40
preparing for Tripwire Enterprise Console 15
restarting Tripwire Enterprise Agents for distributed installation 48
restarting Tripwire Enterprise Agents for single-system installation 44
single-system installations of Tripwire Enterprise Console 42
Tripwire Enterprise Agent software 91
Tripwire Enterprise Console software and database for single-system installation 43
Tripwire Enterprise Console software in a distributed installation 48
Tripwire Enterprise Console to 64-bit 50
upgrade paths for Tripwire Enterprise Console 40
Web browsers
supported by Tripwire Enterprise 23
Windows
additional requirements for TE Agent 59
installing Tripwire Enterprise Agent on 83
interactive installation of Agent 83
silent installation of Agent 84