Manual de TripWire Super

TRIPWIRE
ENTERPRISE
TRIPWIRE ENTERPRISE 8.3

INSTALLATION & MAINTENANCE GUIDE
1998-2015 Tripwire, Inc. All rights reserved.
Tripwire and nCircle are registered trademarks of Tripwire, Inc. Other brand or product names may be
trademarks or registered trademarks of their respective companies or organizations.
Contents of this document are subject to change without notice. Both this document and the software described
in it are licensed subject to Tripwires End User License Agreement located at www.tripwire.com/eula, unless a
valid license agreement has been signed by your organization and an authorized representative of Tripwire. This
document contains Tripwire confidential information and may be used or copied only in accordance with the
terms of such license.
Tripwire, Inc.
One Main Place
101 SW Main St., Suite 1500
Portland, OR 97204
US Toll-free: 1.800.TRIPWIRE
main: 1.503.276.7500
fax: 1.503.223.0182
http://www.tripwire.com
tripwire@tripwire.com
TW1032-27
Contents
About This Guide 9

Overview 9
Document List 9
Document Conventions 10
Contact Information 11
Chapter 1. Installing Tripwire Enterprise Console 12

Installation Requirements for Tripwire Enterprise Console 13
About Your Tripwire Enterprise Implementation 13
The End-User License Agreement 13
Preparing for a New Installation 14
Preparing for an Upgrade 15
Services Installed with Tripwire Enterprise Console 16
Tripwire Enterprise Port Configuration 19
Requirements for a Tripwire Enterprise Server 20
Requirements for a Remote Database Server 23
Supported Web Browsers for Tripwire Enterprise 23
Single-System Installation of Tripwire Enterprise Console 24
Distributed Installation of Tripwire Enterprise Console 26
Part I of Distributed Installation: Installing a Remote Database 26
Part II of Distributed Installation: Installing Tripwire Enterprise Console Software 37
Upgrading Tripwire Enterprise Console 40
Upgrade Overview 40
Upgrading Older Versions of Tripwire Software 40
Upgrading a Single-System Installation 42
Upgrading a Distributed Installation 46
Upgrading Tripwire Enterprise Console to a 64-bit Installation 50
Uninstalling Tripwire Enterprise Console 52
Tripwire Enterprise 8.3 Installation & Maintenance Guide 5 Contents

Uninstalling Tripwire Enterprise Console Software 52
Uninstalling a Remote Tripwire Enterprise Console Database 54
Chapter 2. Installing Tripwire Enterprise Agent 55

Installation Requirements for Tripwire Enterprise Agent 56
About Interactive and Silent Installations 56
The End-User License Agreement 56
Preparing for Agent Installation 57
Services Installed with Tripwire Enterprise Agent 58
Requirements for an Agent System 59
Installing Tripwire Enterprise Agent 60
Installing Tripwire Enterprise Agent on AIX 60
Installing Tripwire Enterprise Agent on Apple OS X 65
Installing Tripwire Enterprise Agent on HP-UX 69
Installing Tripwire Enterprise Agent on Linux 73
Installing Tripwire Enterprise Agent on Solaris 77
Installing Tripwire Enterprise Agent on Windows 83
Using Tag Files to Assign Tags to New Agents 87
Upgrading Tripwire Enterprise Agents 89
Uninstalling Tripwire Enterprise Agent 92
Chapter 3. Logging In 93
Login Overview 94
Logging In to a New Tripwire Enterprise Installation 95
Logging In to an Upgraded Tripwire Enterprise Installation 96
Chapter 4. Post-Installation Configuration 98

Configuring Tripwire Enterprise Inside a Network Address Translation (NAT) Environment 99
Configuring a Tripwire Enterprise Agent for Use on a Multi-NIC System 101
Configuring a Tripwire Enterprise Proxy for Agent Communication 102
Step 1. Configuring Your Tripwire Enterprise Server 102

Step 2. Installing and Configuring the Tripwire Enterprise Proxy 103
Step 3. Configuring Agents for Communication with the Tripwire Enterprise Proxy 104
Step 4. Configuring the Firewall 105
Chapter 5. Maintenance Procedures 106

Maintenance of Tripwire Enterprise 107
Backing Up and Restoring Tripwire Enterprise Data 108
Backing Up Tripwire Enterprise Data 108
Restoring Tripwire Enterprise Data 110
Changing the Tripwire Enterprise Services and Database Passphrases 113
Changing the TEServices Passphrase 113
Changing the TEDatabase Passphrase 114
Managing Tripwire Enterprise Services 115
Managing Tripwire Enterprise Console Services 115
Managing the Tripwire Enterprise Agent Service 116
Managing the Event Generator Service 118
Managing TE Services with the Solaris Service Management Facility 120
Managing the Tripwire Enterprise Console Database 121
About Database Maintenance 121
Starting and Stopping a MySQL TE Console Database 122
Recalculating Database-Index Statistics 123
Configuring FIPS Mode 124
Index 126

About This Guide
Overview
The Tripwire Enterprise Installation & Maintenance Guide includes the following sections:
l Chapter 1: Installing Tripwire Enterprise Console (on page 12) describes the process for
installing Tripwire Enterprise Console software.
l Chapter 2: Installing Tripwire Enterprise Agent (on page 55) describes the process for
installing Tripwire Enterprise Agent software.
l Chapter 3: Logging In (on page 93) describes the process for logging in to Tripwire
Enterprise.
l Chapter 4: Post-Installation Configuration (on page 98) includes optional post-installation
configuration procedures.
l Chapter 5: Maintenance Procedures (on page 106) includes procedures used to maintain
your Tripwire Enterprise implementation.
Document List
The Tripwire Enterprise Installation & Maintenance Guide provides installation and upgrade
instructions for Tripwire Enterprise software. In addition, this guide includes procedures for the
maintenance of your Tripwire Enterprise software and database.
The Tripwire Enterprise User Guide provides a detailed overview of Tripwire Enterprise
functionality, along with related concepts and procedures.
The Tripwire Enterprise Reference Guide contains supplemental information for the operation of
Tripwire Enterprise software and associated applications.
PDF versions of these documents are available in the docs directory of the Tripwire Enterprise
installation DVD or the TEConsole Web download.
In addition, online help may be accessed from the Tripwire Enterprise interface. The online
help includes the content of all documents cited above.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 9 About This Guide
Document Conventions
Convention Description
Bolding Indicates:
l The labels of buttons, menus, fields, drop-downs, and check boxes.
l Options selected from a drop-down list or menu.
l Keystrokes and menu paths.
l Introductory sentences for procedures.
l The first reference of a term.
Examples:
l In the Monitor dialog, select the Activate check box.
l Press CTRL+DELETE.
Italics Indicates cross references to sections and chapters in this book, as well as the titles of
other books.
Example: "For more information, see Creating a Node."
Sans Indicates:
Serif l URLs and e-mail addresses
l Directory paths and file names
l Command-line entries
Examples:
l www.tripwire.com
l C:\Program Files\
Brackets Indicates a set of possible user-entered options; individual options are separated by the
pipe (|) character.
Example: [1 | 2 | 3]
Angle Indicates placeholders for user-entered values.

brackets
Example: <a_variable>
Contact Information
Tripwire, Inc.
101 SW Main St., Ste. 1500

Portland, OR 97204
Web site: http://www.tripwire.com
Main:503.276.7500
Fax:503.223.0182
US Toll-free: 1.800.TRIPWIRE (1.800.874.7947)
Tripwire Sales
Domestic: sales@tripwire.com
Government: govt@tripwire.com
EMEA: emeasales@tripwire.com
APAC: apacsales@tripwire.com
Japan: japansales@tripwire.com
Tripwire Technical Support
Online support: https://www.tripwire.com/customers

Support policies: http://www.tripwire.com/customers/support-policy.cfm
Contact: https://secure.tripwire.com/customers/contact-support.cfm
Tripwire Professional Services
Tripwire Professional Services provides a wide range of services, including Tripwire

Quickstarts, Turnkey Implementations, Change Auditing, and Process Improvement. For more
information, please visit http://www.tripwire.com/services or contact your Tripwire sales
representative.
Tripwire Educational Services
Tripwire Educational Services provides hands-on technical training for the installation,
configuration, and maintenance of your Tripwire software. All courses are taught by Tripwire
Certified Instructors. For more information, please contact your Tripwire sales representative or
visit http://www.tripwire.com/services/training/.
Chapter 1.
Installing Tripwire
Enterprise Console
Installation Requirements for Tripwire Enterprise Console
About Your Tripwire Enterprise Implementation

To install Tripwire Enterprise Console, you can either perform a new installation or an upgrade
from a previous version of Tripwire Enterprise.
Note With the Tripwire Enterprise Console installer, you can upgrade directly to the
latest version of Tripwire Enterprise Console from Tripwire Enterprise Console 8.1
or later. For additional upgrade paths, see Upgrade Overview on page 40.
A Tripwire Enterprise Server (TE Server) is the host machine on which Tripwire Enterprise
Console (TE Console) software is installed. A Tripwire Enterprise Console database stores
all data generated by TE Console.
You can install TE Console with either of the following methods:
l With a single-system installation, you install the TE Console software and database on
the same system (the TE Server).
l With a distributed installation, you install the TE Console software on the TE Server,
and the database on another system.
In a distributed installation, the TE Console database is also referred to as a remote database.

A remote database server is the system on which a remote database is installed.
Tip For a list of supported databases, see:
http://www.tripwire.com/register/
tripwire-enterprise-platform-and-device-support
Tripwire recommends a distributed installation if you intend to monitor file servers

with Tripwire Enterprise.
To upgrade from a single-system installation to a distributed installation of TE

Console, e-mail Tripwire Technical Support for assistance (support@tripwire.com).
The End-User License Agreement

The End-User License Agreement (EULA) includes all terms and conditions for the use of
Tripwire Enterprise software. A hard copy of the EULA is provided in the packaging of
Tripwire Enterprise Console. In addition, the Tripwire Enterprise installation DVD and
electronic downloads include a soft copy of the EULA (license.html).
Prior to installing Tripwire Enterprise Console, you should first read the EULA in its entirety.
Installation of Tripwire Enterprise Console software implies your consent to all terms and
conditions outlined in the EULA.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 13 Chapter 1. Installing Tripwire Enterprise Console
Preparing for a New Installation
Prior to installing Tripwire Enterprise Console for the first time, complete the following
steps:
l If needed, obtain a license for your Tripwire Enterprise Server. Your License Card
(included in your software distribution package) provides a URL and instructions for
obtaining a license. If you downloaded Tripwire Enterprise Console, you received your
license information via e-mail.
l Read the Tripwire Enterprise Console Installation and Upgrade section in the Release
Notes (release_notes.html). The Release Notes are available on the Tripwire
Enterprise installation DVD and in the main directory of a download archive.
l Ensure that your Tripwire Enterprise Server complies with all requirements (see
Requirements for a Tripwire Enterprise Server on page 20).
l If you will perform a distributed installation, ensure that your remote database server
complies with all requirements (see Requirements for a Remote Database Server on page
23).
l If you will use a MySQL database as your Tripwire Enterprise Console database, you
should first remove any existing MySQL database management systems from the database
host system (either your Tripwire Enterprise Server or remote database server).
Once all requirements have been met, you may proceed with your installation. For further
instructions, see:
l Single-System Installation of Tripwire Enterprise Console (on page 24)

l Distributed Installation of Tripwire Enterprise Console (on page 26)
Caution For a successful installation, your Tripwire Enterprise Server and remote
database server (if applicable) must be in compliance with all requirements. If
these systems do not meet all requirements, your installation may fail.
Note Once you install the Tripwire Enterprise Console software and database, you can
open the Tripwire Enterprise Web interface from any system networked with your
Tripwire Enterprise Server. To open the interface, the local system must have one
of the Web browsers listed in Supported Web Browsers for Tripwire Enterprise on
page 23.
Preparing for an Upgrade
Prior to upgrading to this version of TE Console, complete the following steps:

l Read the Tripwire Enterprise Console Installation and Upgrade section in the Release
Notes (release_notes.html). The Release Notes are available on the Tripwire
Enterprise installation DVD and in the main directory of a download archive.
l If your Tripwire Enterprise implementation harvests audit events from eDirectory servers,
run a version check of the servers with all rules previously used to baseline the servers.
(Any audit events that occur between this final version check and upgrade will be lost.)
l Ensure that your Tripwire Enterprise Server complies with all requirements (see
Requirements for a Tripwire Enterprise Server on page 20).
l If you will perform a distributed installation, ensure that your remote database server
complies with all requirements (see Requirements for a Remote Database Server on page
23).
l To optimize the performance of an upgraded Console, see the following Tripwire
Knowledge Base article:
https://tripwireinc.force.com/customers/CommunitySiteLogin?startURL=
/articles/Tuning/Database-backend-spiking-to-100-CPU
l Back up your Tripwire Enterprise data before upgrading. For Tripwire Enterprise version
5.5.x or later, see Backing Up Tripwire Enterprise Data in the Tripwire Enterprise
Installation & Maintenance Guide for your release. For earlier versions of TE, refer to the
backup instructions in the Tripwire Enterprise User Guide for your release.
Once all requirements have been met, you may proceed with your upgrade. For further
instructions, see Upgrade Overview on page 40.
Caution Tripwire recommends upgrading TE Console during a scheduled maintenance

window. For a successful upgrade, your TE installation must comply with all
requirements listed in these sections:
l Requirements for a Tripwire Enterprise Server (on page 20)

l Requirements for a Remote Database Server (on page 23)
Services Installed with Tripwire Enterprise Console
The tables in this section list the services installed with Tripwire Enterprise Console. For more
information on the ports used by Tripwire Enterprise, see Tripwire Enterprise Port
Configuration on page 19.
For information on the services installed with Tripwire Enterprise Agent, see Services Installed
with Tripwire Enterprise Agent on page 58.
Table 1. Services installed with Tripwire Enterprise Console on Linux systems
Requires
Installation Service Listening Firewall
Type Name Ports Access? Description
TE Console + MySQL DB twservices 443 Y End user web UI
(Single-system
installation) 8080 Y HTTP/EMS integration
services
9898 Y Incoming RMI from TE

Agents
9899 N Incoming RMI from TE

Console
3306 N Server database
69 Y Network device TFTP
61616 N ActiveMQ message broker
twrtmd 1169 N Agent event queue
TE Console only twservices 443 Y End user web UI

(for a distributed
services

Agents

Console
MySQL database only twdatabase 3306 Y Server database

(for a distributed
installation)
Table 2. Services installed with Tripwire Enterprise Console on Solaris systems
Requires
Installation Service Listening Firewall
Type Name Ports Access? Description
TE Console + MySQL DB twservices 443 Y End user web UI
(Single-system
services

Agents

Console
3306 N Server database
teeg 1169 N Agent event queue
teges none
TE Console only twservices 443 Y End user web UI

(for a distributed
services

Agents

Console
MySQL database only twdatabase 3306 Y Server database

(for a distributed
installation)
Table 3. Services installed with Tripwire Enterprise Console on Windows systems
Requires
Installation Listening Firewall
Type Service Name Ports Access? Description
TE Console + MySQLDB Tripwire Enterprise 443 Y End user web UI
(Single-system Server
services

Agents
61616 N ActiveMQ message

broker
Tripwire Enterprise 9899 N Incoming RMI from TE

Agent Console
Tripwire Detection 1169 N Agent event queue

Service
MySQLTripwire 3306 N Server database
TE Console only Tripwire Enterprise 443 Y End user web UI

(for a distributed Server
services

Agents
61616 N ActiveMQ message

broker
Tripwire Enterprise 9899 N Incoming RMI from TE

Agent Console

Service
MySQL database only MySQLTripwire 3306 N Server database

(for a distributed
installation)
Tripwire Enterprise Port Configuration
Figure 1 below illustrates the default ports that may be involved in your Tripwire Enterprise
implementation. For more information about default ports, see:
l Services Installed with Tripwire Enterprise Console (on page 16)

l Requirements for a Tripwire Enterprise Server (on the next page)
l Requirements for a Remote Database Server (on page 23)
l Requirements for an Agent System (on page 59)
l Configuring a Tripwire Enterprise Proxy for Agent Communication (on page 102)
Note A network device may employ one or more of the ports in Figure 1 below.
Figure 1. Tripwire Enterprise port configuration
Requirements for a Tripwire Enterprise Server
Prior to installing Tripwire Enterprise Console software, you should first ensure that the host
system complies with all network (see below) and system requirements (see Supported
Platforms and System Requirements on the next page).
If the host system runs Solaris or Linux, you must also complete the appropriate steps in
Additional Requirements for Solaris and Linux on page 22.
Network Requirements
Your Tripwire Enterprise Server must:
l Reside on an IP network.
l Have a static IP address (non-DHCP), as well as a hostname that resolves to the address.
You must also ensure that all required ports are free on your Tripwire Enterprise Server. Table 4
below identifies the default number and purpose of each port that may be needed. For each port,
the table also indicates:
l The communication protocol used by the port.

l Whether or not you can configure (modify) the default port number when you install
Tripwire Enterprise Console.
For a diagram of default ports that may be involved in your Tripwire Enterprise implementation,
see Figure 1 on the previous page.
Note A network device may employ one or more of the ports depicted in Figure 1 on the
previous page. If a port will not be used in your Tripwire Enterprise implementation,
you can close the port on any existing firewalls. For example, if Tripwire Enterprise
will not monitor any network devices, you can close port 69 on your firewall.
Table 4. Required ports for a Tripwire Enterprise Server
Configurable
Default During
Port/Protocol Installation? Used for ...
69/UDP No ... inbound communication received from network devices that
support TFTP.
443/TCP Yes ... Tripwire Enterprise interface sessions (HTTPS) initiated by

Tripwire Enterprise users.
8080/TCP Yes ... download of JAR files to Agent systems, as well as external
integrations such as plug-ins (HTTP).
9898/TCP Yes ... inbound communication received from Tripwire Enterprise

Agents.
Table 5. Optional outbound ports for a Tripwire Enterprise Server
Configurable
Default During
Port/Protocol Installation? Used for ...
25/TCP No ... outbound e-mail (SMTP) sent by Tripwire Enterprise e-mail
actions. You can configure this port when you create or modify an
e-mail server in the Tripwire Enterprise interface. For more
information, see What are E-mail Servers? in the Tripwire Enterprise
User Guide.
162/UDP No ... outbound SNMP traps sent by Tripwire Enterprise SNMP actions.
For more information, see How Does an SNMP Action Work? in the
Tripwire Enterprise User Guide.
514/UDP No ... outbound syslog notifications sent by Tripwire Enterprise syslog

actions. For more information, see What are Actions and Action
Types? in the Tripwire Enterprise User Guide.
To check the availability of required ports on your TE Server:

1. At a command prompt, enter the following command to generate a list of active
connections.
netstat -a | more
2. Inspect the list of connections for services running on ports listed in Table 4 on the
previous page.
l If the list includes a non-configurable port that will be needed, disable all services
associated with the port before installing Tripwire Enterprise Console.
l If the list includes a configurable port that will be needed, you can either disable
the associated services or enter the number of an unused port when you install the
application.
Supported Platforms and System Requirements
The Tripwire Web site provides current information on:
l The operating systems on which Tripwire Enterprise Console software may be installed
(along with the minimum hardware requirements for each supported platform).
l The operating systems on which the Tripwire Enterprise Event Generator can be installed.
(Required for real-time monitoring of your Tripwire Enterprise Server, the Event
Generator is an optional component that may be added when you install your Tripwire
Enterprise Console software.)
For further details, see:
http://www.tripwire.com/it-security-software/scm/specifications/
system-requirements
Additional Requirements for Solaris and Linux
If your Tripwire Enterprise Server is a Solaris system, you should install the J2SE patches
for your operating system.
If your Tripwire Enterprise Server is a Solaris or Linux system, you must create a UNIX
user group and user account before running the Tripwire Enterprise Console installer. To do so:
1. Log in to the TE Server with root privileges.

2. At a command prompt, enter the following command to create a group (called tripwire)
with a unique group ID:
groupadd tripwire
3. Enter one of the following commands to create a new user (called tripwire) in the
tripwire group.
On a Linux system, enter:

useradd -M -g tripwire tripwire
On a Solaris system, enter:

useradd -g tripwire tripwire
If your Tripwire Enterprise Server is a Solaris or Linux system, ensure that the kernel
setting for the maximum number of open file descriptors is set to 10240 (or higher for large
deployments). When TE Console launches, it issues the command ulimit -n 10240 to
temporarily set the per-session maximum number of open file descriptors to 10240. In order for
this command to succeed, the kernel setting for the maximum (often referred to as a hard limit)
must be greater than this value.
To view the current maximum value:
Solaris:issue the command ulimit -a -H

Linux: view the /proc/sys/fs/file-max file
To change the maximum value:
Solaris:edit /etc/system to change the rlim_fd_max setting, then reboot the system
Linux: edit sysctl.conf to set fs.file-max=65535
For more information about these commands and appropriate methods of managing kernel tuning
parameters, see the documentation for your operating system.
Requirements for a Remote Database Server
For a list of supported databases that can serve as the remote database in a distributed
installation, see:
http://www.tripwire.com/register/tripwire-enterprise-platform-and-device-support
You can install a remote database on any system with a platform supported by the database
vendor. In addition, the remote database server must:
l Have a static IP address (non-DHCP), as well as a hostname that resolves to the address.
l Provide a free port for communication with your TE Server. Table 6 identifies the default
port for each type of remote database.
Table 6. Default ports and protocols for a remote database server
Type of Database Default Port Protocol

MySQL 3306 TCP
Oracle 1521 TCP
Microsoft SQL Server 1433 TCP
Supported Web Browsers for Tripwire Enterprise

Once you have installed the Tripwire Enterprise Console software and database, you can open
the Tripwire Enterprise interface from any computer networked with your Tripwire Enterprise
Server. For a list of supported Web browsers, see:
In addition, TLSv1, Javascript, and cookies must be enabled in your Web browser.
Single-System Installation of Tripwire Enterprise Console
For an introduction to single-system installations, see Installation Requirements for Tripwire
Enterprise Console on page 13.
Caution Due to the softwares high volume of network connections and memory-
intensive operations, Tripwire Enterprise Console must be installed on a local
partition on a dedicated server (not on a mapped drive or remote file system,
such as NFS). For further details, see the Release Notes on your Tripwire
Enterprise installation DVD or in the main directory of your download archive.
To install your Tripwire Enterprise Console software and database on the same system:
1. Log in to the system with root or Administrator privileges.
2. Access your Tripwire Enterprise installation DVD or download archive, and navigate to
the installer directory for the systems platform (see Table 7 on the next page).
3. At a command prompt, enter the installer command for the systems platform (see Table
7).
4. Follow the on-screen instructions to complete the Tripwire Enterprise Console installer.
Tips For more information, click Help in any installer dialog.
Make a note of your specified settings, such as port numbers. You may need
this information at a later date.
5. In the Post-Installation Summary dialog, read the summary information and click Done.
The installation process may take several minutes. If the installer encounters errors, it will
display any available error information and help you to troubleshoot the problem.
Next To log in, see Logging In to a New Tripwire Enterprise Installation on page 95.
(Optional) To encrypt all communications between your TE Server and your

TEAgents in compliance with the Federal Information Processing Standardization
(FIPS) 140-2 standard, see Configuring FIPS Mode (on page 124).
(Optional) For information about updating theJRE on the TE Console system, see the
Tripwire Enterprise Hardening Guide, available for download from the Tripwire
Customer Center (http://www.tripwire.com/customers).
Table 7. Tripwire Enterprise Console installer directories and commands
Platform Installer Directory Installer Command

Linux (32 bit) server/linux/i386 ./install-server-linux-
x86.bin
Linux (64 bit) server/linux/x86_64 ./install-server-linux-

amd64.bin
Solaris (SPARC) server/solaris ./install-server-solaris-

sparc.bin
Windows (32 bit) server\windows\i386 install-server-windows-

x86.exe
Windows (64 bit) server\windows\x86_64 install-server-windows-

amd64.exe
Note: Console mode installs your Tripwire Enterprise Console software and database with a command-
line interface. To run your installation in console mode, add the -i console flag to the installer
command. For example:
./install-server-linux-x86.bin -i console
To complete the command-line installer, follow the on-screen instructions.
Distributed Installation of Tripwire Enterprise Console
To conduct a distributed installation of Tripwire Enterprise Console, complete the following
steps:
l Part I of Distributed Installation: Installing a Remote Database (below)

l Part II of Distributed Installation: Installing Tripwire Enterprise Console Software (on
page 37)
Note For an introduction to distributed installations, see About Your Tripwire Enterprise
Implementation on page 13.
Part I of Distributed Installation: Installing a Remote Database

To use a new MySQL database as your remote database, see Installing a Remote MySQL
Database on the next page.
To use an existing Oracle or Microsoft SQL Server database as your remote database, see:
l Configuring a Remote Oracle Database (on page 28)

l Configuring a Remote Microsoft SQL Server Database (on page 29)
Notes The passphrase for a remote database must be between 6 and 64 characters. Most
ASCII printable characters are allowed, with a few exceptions:
l Alphanumeric characters (a-z, A-Z, 0-9), the space character (ASCII

decimal 32), and most punctuation (_-`~!@#$%^&*(),.+=[]{}|/?:;) are
allowed.
l The single-quote ('), double-quote ("), less-than (<), greater-than (>), and
backslash (\) characters are not allowed.
For additional requirements, see Requirements for a Remote Database Server on

page 23.
Installing a Remote MySQL Database
With this procedure, you can install a new MySQL database for use as your remote database.
The database can be installed on any system with a Solaris, Windows, or Linux platform
supported by MySQL.
To install the remote database:

1. Log in to the host system with root or Administrator privileges.
the installer directory for the host systems platform (see Table 8 below).
3. At a command prompt, enter the installer command for the host systems platform (see
Table 8).
5. In the Post-Installation Summary dialog, read the summary information and click Done.
Next To complete your distributed installation, proceed to Part II of Distributed

Installation: Installing Tripwire Enterprise Console Software (on page 37).

x86.bin

amd64.bin

sparc.bin

x86.exe

amd64.exe
Configuring a Remote Oracle Database
To use an existing Oracle database as your remote database, you must first configure the
database so that Tripwire Enterprise information can be written to it.
Tip If you need assistance with this procedure, consult your Oracle database
administrator.
To optimize performance, add the following line to your TE Console configuration

file (<TE_root>/data/config/server.properties):
oracle.optimizerMode=all_rows
To configure your Oracle database, complete the following steps at an SQL prompt:
1. Create a tablespace for Tripwire Enterprise Console:
CREATE TABLESPACE <tablespace_name>
DATAFILE <path_to_datafile_and_file_name>
SIZE 2000M
AUTOEXTEND ON
EXTENT MANAGEMENT LOCAL;
2. Create a user with access to the Tripwire Enterprise Console tablespace:

CREATE USER <username>
IDENTIFIED BY <password>
DEFAULT TABLESPACE <tablespace_name>
QUOTA UNLIMITED ON <tablespace_name>;
3. Grant the user the following privileges:

GRANT CREATE VIEW, CREATE TABLE, ALTER SESSION, CREATE SESSION, CREATE
SYNONYM, CREATE SEQUENCE, CREATE TRIGGER, CREATE PROCEDURE TO <username>;

Installation: Installing Tripwire Enterprise Console Software (on page 37).
Configuring a Remote Microsoft SQL Server Database
To use a Microsoft SQL Server 2005, 2008, or 2012 database as your remote database,
complete the following steps:
l Step 1 for MS SQL Server - Enable the TCP/IP protocol (below)

l Step 2 for MS SQL Server - Create the Remote Database (on the next page)
l Step 3 for MS SQL Server - Create a Login for the Remote Database (on page 34)
l Step 4 for MS SQL Server - Grant Database Permissions to the Login (on page 36)
Step 1 for MS SQL Server - Enable the TCP/IP protocol
To enable TCP/IP on your Microsoft SQL Server database server:

1. From the Start menu, open SQL Server Configuration Manager.
2. In the tree pane, expand SQL Server Network Configuration, then click Protocols for
MSSQLSERVER (see Figure 2 below).
3. In the main pane, select and enable the TCP/IP protocol.
4. In the tree pane, right-click Protocols for MSSQLSERVER and select Properties.
5. In the Flags tab of the properties dialog, determine if ForceEncryption (SSL) is enabled.
If so, you will need to complete an additional step when you install TE Console (in Part II
of Distributed Installation: Installing Tripwire Enterprise Console Software on page 37).
6. Close the SQL Server Configuration Manager.
7. Restart Microsoft SQL Server.
Figure 2. Enabling the TCP/IPprotocol
Step 2 for MS SQL Server - Create the Remote Database
To create the Microsoft SQL Server database that will serve as your Tripwire Enterprise
Console database:
1. In the Object Explorer of the Microsoft SQL Server Management Studio, right-click
Databases and select New Database.
2. In the main pane of the New Database dialog (see Figure 3 below):
a. Enter a Database Name.
Note Make a note of the database name. You will need it to complete the
Tripwire Enterprise Console Database installer.
b. Enter at least 2000 MB as the Initial size of the data file.

c. Enter at least 500 MB as the Initial size of the transaction log file.
Figure 3. Creating a new MSSQLdatabase
3. Click the Autogrowth button for the data file, and complete the following steps in the
Change Autogrowth dialog:
a. Select Enable Autogrowth.
b. Enter appropriate settings (including at least 20 MB as the File Growth setting) and
click OK.
Tip To determine suitable autogrowth settings, consult your database

administrator.
4. Click the Autogrowth button for the transaction log file, and complete the following steps
in the Change Autogrowth dialog:
a. Select Enable Autogrowth.
b. Enter appropriate settings (including at least 20 MB as the File Growth setting) and
click OK.
5. In the New Database dialog, select Options (see Figure 4 below).
a. In the Collation drop-down, select Latin1_General_CS_AI.
b. In the Recovery Model drop-down, select Simple.
c. In the Miscellaneous list, set the ANSI NULL Default value to True.
6. Click OK to close the New Database dialog.
Figure 4. Configuring a new MSSQLdatabase
7. In the toolbar, click New Query (see Figure 5 below).
8. In the main pane, complete the following steps:
a. In the new query tab, enter the following SQL statement:
ALTER DATABASE [<db_name>] SET READ_COMMITTED_SNAPSHOT ON
where <db_name> is the name of your database.
Tip If the database name begins with a number, you must enclose the name
of the database in quotes (<db_name>).
b. Click Execute, and verify that the command completed successfully.

c. Enter the following statement in the query tab (see Figure 6 on the next page):
SELECT name, is_read_committed_snapshot_on FROM sys.databases WHERE
name='<db_name>'
d. Click Execute.
e. In the Results tab, verify that the value in the is_read_committed_snapshot_on
column is 1. If this value is 0, repeat steps 8a through 8b above.
Figure 5. Setting READ_COMMITTED_SNAPSHOT ON
Figure 6. Verifying that READ_COMMITTED_SNAPSHOT is on
Step 3 for MS SQL Server - Create a Login for the Remote Database
To create a Microsoft SQL Server login with which TE will access the remote database:
1. In the Object Explorer of the Microsoft SQL Server Management Studio, expand the
Security folder (see Figure 7 on the next page).
2. Under the Security folder, right-click Logins and select New Login.
3. In the Login - New dialog:
a. Enter a Login name.
b. Select an authentication option.
c. (SQLServer authentication only) Enter and confirm the password for the login.
Tip Make a note of the login name and password. You will need it to
complete the Tripwire Enterprise Console Database installer.
d. (SQLServer authentication only) De-select Enforce password expiration.
Note If this setting is enabled, then your SQL Server password might change.
If the password changes, then you must reset the password with the TE
Command Line Interface (CLI) in order to re-establish communication
between the database and your Tripwire Enterprise Server. (For CLI
instructions, see Working with the Command Line Interface in the
Tripwire Enterprise Reference Guide).
e. From the Default database drop-down, select the new SQL Server database.
f. From the Default language drop-down, select English.
4. In the tree pane of the Login - New dialog, click User Mapping (see Figure 8 on the next
page).
a. Select the check box for the new database in the Map column.
b. In the Default Schema column for the database, enter the name of the new login.
(Do not click )
Caution If you incorrectly enter the login name in the Default Schema
column, an error may result when some Tripwire Enterprise
functions are run.
Do not assign a database role to the SQL Server login. If the login
has a role, your Tripwire Enterprise Server may be unable to
communicate with the database.
5. Click OK to close the Login - New dialog.
Figure 7. Creating a login for the remote database
Figure 8. Configuring user mapping
Step 4 for MS SQL Server - Grant Database Permissions to the Login
In this step, you grant permissions to the SQL Server login created for Tripwire Enterprise.
Tripwire Enterprise needs these permissions in order to access the remote database via the SQL
Server login.
To grant permissions in Microsoft SQL Server:

1. In the Object Explorer of the Microsoft SQL Server Management Studio, expand the
Databases folder (see Figure 9 below).
2. Right-click the new database and select Properties.
3. In the database properties dialog, select Permissions.
4. In the main pane, select the Grant check box for each of the following permissions:
l Connect l Delete
l Create Procedure l Insert
l Create Table l Select
l Create View l Update
5. Click OK.
Figure 9. Granting database permissions to the login

Installation: Installing Tripwire Enterprise Console Software on the next page.
Part II of Distributed Installation: Installing Tripwire Enterprise
Console Software
In Part I of Distributed Installation: Installing a Remote Database (on page 26), you installed a
remote database for your distributed installation. In this step, you will install the Tripwire
Enterprise Console software on your Tripwire Enterprise Server.
Note For requirements, see Requirements for a Tripwire Enterprise Server on page 20.
Caution Due to the softwares high volume of network connections and memory-
intensive operations, Tripwire Enterprise Console must be installed on a local
partition on a dedicated server (not on a mapped drive or remote file system,
such as NFS). For further details, see the Release Notes on your Tripwire
Enterprise installation DVD or in the main directory of your download archive.
To install Tripwire Enterprise Console software:

1. Log in to the host system with root or Administrator privileges.
the installer directory for the systems platform (see Table 9 on page 39).
3. At a command prompt, enter the installer command for your platform (see Table 9).
The installation process may take several minutes. If the installer encounters errors, it will
display any available error information and help you to troubleshoot the problem.
5. If you have a Microsoft SQL Server remote database and force encryption is
enabled, complete the following steps.
a. Create (or edit) the following text file on your Tripwire Enterprise (TE) Server:
Windows: <te_root>\data\config\jtds.properties
UNIX: <te_root>/data/config/jtds.properties
b. To specify the encryption requirements for connections between your TE Server and
the database server, add the following line to the text file (jtds.properties):
SSL=<SSL_option>
where <SSL_option> is one of the following values:
request permits all connections and employs SSL encryption if the database server
supports SSL.
require requires SSL for all connections. If the database server does not support
SSL, connections will fail.
authenticate requires SSL for all connections, as well as a valid certificate issued
by a trusted certificate authority. If the database server does not support SSL or
lacks a valid certificate, connections will fail.
c. If you entered authenticate as the SSL option, and the database server uses a self-
signed certificate or a certificate issued by a trusted authority that is not supported
by the JRE, you must add the root certificate to the keystore on the TE Server. To do
so, run the following command at a command prompt on the TE Server:
<te_root>\jre\bin\keytool -import -alias <alias> -keystore <te_
root>\data\security\cacerts.ks -keypass changeit -file <path_to_
certificate>
Table 10 (on the next page) defines the options in this command.
d. If you added a certificate to the TEServer keystore in step 5c, you must restart the
TEConsole service as described in Managing Tripwire Enterprise Console Services
on page 115 in order to force TEConsole to re-read the keystore file.
e. Open the following file on your TE Server in a text editor:
Windows: <te_root>\bin\server.conf
UNIX: <te_root>/bin/server.conf
f. Add this line to the end of the file:
wrapper.java.additional.<#>=-Djsse.enableCBCProtection=false
replacing <#> with the next number in the sequence. For example, if the last
numbered line in your current server.conf file is wrapper.java.additional.33,
you would replace <#>in the command above with 34.
6. If you have an Oracle RAC remote database and you want to use the High
Availability and failover features, complete the following steps.
a. Open the server.properties text file on your Tripwire Enterprise (TE) Server:
Windows: <te_root>\data\config\server.properties
UNIX: <te_root>/data/config/server.properties
b. Add the following line to the file:
tw.database.service=<service_name>
where <service_name>represents the Oracle Service Name.
Note The Oracle RAC High Availability features are only available if you
specified the SCANhostname during the TE installation process. If you
specified a VIP/FQDN hostname during installation, TE will only connect to
one instance of the cluster and the High Availability features cannot be used.
7. Restart your Tripwire Enterprise Console services (see Managing Tripwire Enterprise
Console Services on page 115).
Next To log in, see Logging In to a New Tripwire Enterprise Installation on page 95.
(Optional) To encrypt all communications between your TE Server and TEAgents in

compliance with the Federal Information Processing Standardization (FIPS) 140-2
standard, see Configuring FIPS Mode (on page 124).
(Optional) For information about updating theJRE on the TE Console system, see the

x86.bin

amd64.bin

sparc.bin

x86.exe

amd64.exe
Table 10. Options to add an unsupported certificate to the keystore
Option Description
<te_root> The installation directory for Tripwire Enterprise Console software.
<alias> A unique identifier for the new keystore entry.
<path_to_certificate> The full path to the certificate.
Upgrading Tripwire Enterprise Console
Upgrade Overview
To upgrade to the latest version of Tripwire Enterprise Console, use one of the following
procedures:
l To upgrade from Tripwire Enterprise 8.0 or earlier, see Upgrading Older Versions of
Tripwire Software (below).
l To upgrade from Tripwire Enterprise 8.1 or later, see Upgrading a Single-System
Installation (on page 42) or Upgrading a Distributed Installation (on page 46).
l To upgrade Tripwire Enterprise Console from a 32-bit to a 64-bit installation, first
upgrade your TE installation to the most recent 32-bit version using one of the procedures
above, then see Upgrading Tripwire Enterprise Console to a 64-bit Installation (on page
50).
Upgrading Older Versions of Tripwire Software

To upgrade from a version of Tripwire Enterprise software that is older than Tripwire Enterprise
8.1, follow the applicable upgrade path in Table 11 (on the next page). You can download the
TEConsole installers from the Tripwire Customer Center at
https://tripwire.secure.force.com/customers/.
Caution Tripwire Enterprise 7.6 added new features that greatly enhance scalability and
performance. As a result, upgrade times from TE versions older than version 7.6
may be substantially longer than in previous upgrades. This is especially true in
cases where a large database contains many audit events. Before you begin an
upgrade from Tripwire Enterprise 7.5V, we stronglyrecommend that you read
this article on the Tripwire Knowledge Base:
https://tripwireinc.force.com/customers/articles/
Install_and_Upgrade/Upgrading-Tripwire-Enterprise-from-75-to-76
If you have additional questions or encounter problems during the upgrade

process, contact Tripwire Support at support@tripwire.com.
Tip If you upgrade a Tripwire Enterprise implementation that includes custom user roles,
you should review the permissions in each role following upgrade. In some cases,
custom user roles may require new permissions for expected access to Tripwire
Enterprise objects and functions. For more information about user roles and
permissions, see What are User Permissions and User Roles? in the Tripwire
Enterprise User Guide.
Table 11. Upgrade paths for Tripwire Enterprise Console
Tripwire Enterprise/Server Version Upgrade Path

7.5 1. TE Console 7.7
2. TEConsole 8.1
3. TEConsole 8.3
7.6 1. TEConsole 8.0

2. TEConsole 8.2
3. TEConsole 8.3

2. TEConsole 8.3

2. TEConsole 8.3
8.1 or later See one of the following topics:

l Upgrading a Single-System Installation (on the next
page)
l Upgrading a Distributed Installation (on page 46)
Upgrading a Single-System Installation
With this procedure, the Tripwire Enterprise Console installer upgrades a single-system
installation of Tripwire Enterprise Console 8.1 or later to the latest version. Prior to upgrading,
you should first review the following sections:
l Preparing for an Upgrade (on page 15)

l Upgrade Overview (on page 40)
Caution You should back up your Tripwire Enterprise data before upgrading. For
instructions, see Backing Up Tripwire Enterprise Data on page 108.
To upgrade a single-system installation of Tripwire Enterprise, complete the following

steps:
Step 1. Disabling Tasks in Tripwire Enterprise (below)
Step 2. Upgrading the Tripwire Enterprise Software and Database (on the next page)
Step 3. Restarting and Refreshing Agents in Tripwire Enterprise (on page 44)
Step 4. Enabling Tasks in Tripwire Enterprise (on page 44)
Step 1. Disabling Tasks in Tripwire Enterprise
To disable all tasks in your current installation of Tripwire Enterprise Console:

1. Log in to the Tripwire Enterprise interface as administrator.
2. Click TASKS.
3. In the button bar, click Control > Disable.

4. Click OK in the confirmation dialog.
Step 2. Upgrading the Tripwire Enterprise Software and Database
In this step, the Tripwire Enterprise Console installer upgrades your current Tripwire Enterprise
Console software and database to the latest version of Tripwire Enterprise Console.
To run the installer:

1. Log in to your Tripwire Enterprise Server with root or Administrator privileges.
the installer directory for your platform (see Table 12 below).
3. At a command prompt, enter the installer command for your platform (see Table 12).
Note For more information, click Help in any installer dialog.
The upgrade process may take some time, based on the size of your database. If the
installer encounters errors, it will display any available error information and help you to
troubleshoot the problem.
Table 12. TE Console installer directories and commands

Linux server/linux 32 bit:
./install-server-linux-
x86.bin
64 bit:
./install-server-linux-
amd64.bin
Solaris server/solaris ./install-server-solaris-

sparc.bin
Windows server\windows 32 bit:
install-server-windows-
x86.exe
64 bit:
install-server-windows-
amd64.exe
Step 3. Restarting and Refreshing Agents in Tripwire Enterprise
To restart and refresh your Tripwire Enterprise Agents:

1. Clear your Web browsers temporary file cache. (Residual files from your previous
installation could interfere with TE.)
2. Log in to Tripwire Enterprise with the administrator account.
3. In the Tripwire Enterprise interface, click NODES.
4. In the button bar, click Modify > Restart Agents.

5. Click OK in the following confirmation dialog:
Are you sure you want to perform this operation on all objects
in all pages of the current view?
6. In the Restart Agents dialog, select Refresh data on Agents and click OK.
Caution The process of restarting and refreshing Agents can take a long time.
When Tripwire Enterprise completes the process for an Agent, the Log
Manager generates a System log message that states:
Finished recreating data on Node <node_name>.
Before proceeding with the next step, you should review the Log Manager
to confirm that all Agents have been successfully restarted.
Step 4. Enabling Tasks in Tripwire Enterprise
To enable all tasks in Tripwire Enterprise:

1. Click TASKS.
2. In the button bar, click Control > Enable.

After Upgrading
After upgrading your TEConsole installation, you may need to perform some additional steps:
l (Optional) To encrypt all communications between your TE Server and TEAgents in

l If you upgrade a Tripwire Enterprise implementation that includes custom user roles, you
should review the permissions in each role following upgrade. In some cases, custom user
roles may require new permissions for expected access to Tripwire Enterprise objects and
functions. For more information about user roles and permissions, see What are User
Permissions and User Roles? in the Tripwire Enterprise User Guide.
l After upgrading, all errors displayed in the Node Manager (exclamation points)are
cleared. As TEencounters errors, they will be displayed in both the Node Manager and
the Health section of the Asset View tab.
l After upgrading, any existing nodes that do not have any active licenses will be disabled.
When you add a license to these nodes, they will be enabled again. For more information
about disabled nodes, see Temporarily Disabling Checks and Baselines on a Node in the
l (Optional) For information about updating theJRE on the TE Console system, see the
Upgrading a Distributed Installation
With this procedure, the Tripwire Enterprise Console installer upgrades a distributed installation
of Tripwire Enterprise Console 8.1 or later to the latest version of TE Console. Prior to
upgrading, you should first review the following sections:
l Preparing for an Upgrade (on page 15)

l Upgrade Overview (on page 40)
Caution You should back up your Tripwire Enterprise data before upgrading. For
instructions, see Backing Up Tripwire Enterprise Data on page 108.
To upgrade a distributed installation, complete the following steps:

Step 1. Disabling Tasks in Tripwire Enterprise (below)
Step 2. Stopping the Tripwire Enterprise Services (on the next page)
Step 3. Upgrading the Remote Database (on the next page)
Step 4. Upgrading the Tripwire Enterprise Software (on page 48)
Step 5. Restarting and Refreshing Agents in Tripwire Enterprise (on page 48)
Step 6. Enabling Tasks in Tripwire Enterprise (on page 49)
Step 1. Disabling Tasks in Tripwire Enterprise
To disable all tasks in your current installation of Tripwire Enterprise Console:

1. Log in to the Tripwire Enterprise interface as administrator.
2. Click TASKS.
3. In the button bar, click Control > Disable.

Step 2. Stopping the Tripwire Enterprise Services
At a command prompt on your Tripwire Enterprise Server, enter the appropriate command to
stop the Tripwire Enterprise Console services.
Windows: <te_root>\bin\twservices stop

Solaris 10: svcadm disable teserver teagent
All other UNIX systems: /etc/init.d/twservices stop
where <te_root> is the directory in which your TE Console software is installed.
Tip You can also stop services from the Windows Start menu.
Step 3. Upgrading the Remote Database
If your Tripwire Enterprise Console database is a MySQL database, complete the following
steps. For all other databases, proceed to Step 4. Upgrading the Tripwire Enterprise Software
(on the next page).
To upgrade a MySQL database:

1. Log in to your remote database server with root or Administrator privileges.
the installer directory for the servers platform (see Table 7 on page 25).
3. At a command prompt, enter the installer command for the servers platform (see Table
7 on page 25).
4. Follow the on-screen instructions to complete the Tripwire Enterprise Console Database
installer.
Tip For more information, click Help in any installer dialog.
5. In the Post-Installation Summary dialog, read the summary information and click Finish.
Step 4. Upgrading the Tripwire Enterprise Software
In this step, the Tripwire Enterprise Console installer upgrades your current Tripwire Enterprise
Console software to the latest version.
To run the installer:

the installer directory for the servers platform (see Table 7 on page 25).
3. At a command prompt, enter the installer command for the servers platform (see Table
7 on page 25).
Tip For more information, click Help in any installer dialog.
The upgrade process may take some time, based on the size of your database. If the
installer encounters errors, it will display any available error information and help you to
troubleshoot the problem.
5. In the Post-Installation Summary dialog, read the summary information and click Finish.
Step 5. Restarting and Refreshing Agents in Tripwire Enterprise
To restart and refresh your Tripwire Enterprise Agents:

1. Clear your Web browsers temporary file cache. (Residual files from your previous
installation could interfere with Tripwire Enterprise.)
2. Log in to Tripwire Enterprise with the administrator account.
3. In the Tripwire Enterprise interface, click NODES.
4. In the button bar, click Modify > Restart Agents.

5. Click OK in the following confirmation dialog:
Are you sure you want to perform this operation on all objects
in all pages of the current view?
6. In the Restart Agents dialog, select Refresh data on Agents and click OK.
Caution The process of restarting and refreshing Agents can take a long time.
When Tripwire Enterprise completes the process for an Agent, the Log
Manager generates a System log message that states:
Finished recreating data on Node <node_name>.
Before proceeding with the next step, you should review the Log Manager
to confirm that all Agents have been successfully restarted.
Step 6. Enabling Tasks in Tripwire Enterprise
To enable all tasks in Tripwire Enterprise:

1. Click TASKS.
2. In the button bar, click Control > Enable.

After Upgrading
After upgrading your TEConsole installation, you may need to perform some additional steps:
l (Optional) To encrypt all communications between your TE Server and TEAgents in

l If you upgrade a Tripwire Enterprise implementation that includes custom user roles, you
should review the permissions in each role following upgrade. In some cases, custom user
roles may require new permissions for expected access to Tripwire Enterprise objects and
functions. For more information about user roles and permissions, see What are User
Permissions and User Roles? in the Tripwire Enterprise User Guide.
l After upgrading, all errors displayed in the Node Manager (exclamation points)are
cleared. As TEencounters errors, they will be displayed in both the Node Manager and
the Health section of the Asset View tab.
l After upgrading, any existing nodes that do not have any active licenses will be disabled.
When you add a license to these nodes, they will be enabled again. For more information
about disabled nodes, see Temporarily Disabling Checks and Baselines on a Node in the
l (Optional) For information about updating theJRE on the TE Console system, see the
Upgrading Tripwire Enterprise Console to a 64-bit Installation
Starting with Tripwire Enterprise 7.6, full native 64-bit support was added to the TEConsole
software. This procedure describes the process for migrating 32-bit data from an existing TE
installation to a 64-bit installation.
Caution To avoid data loss, please back up configuration and database files each time
you are prompted to in the procedure.
To upgrade an existing 32-bit TE Console installation to a 64-bit installation:

1. Back up the TEConsole configuration and database files (if you have a remote
TEdatabase). For more information see Backing Up Tripwire Enterprise Data on page
108.
2. Upgrade your 32-bit installation of TE to the most recent version using the 32-bit installer
for your platform. For more information on the upgrade process, see Upgrading Tripwire
Enterprise Console on page 40.
3. Back up the TEConsole and database files again, using the process in Backing Up
Tripwire Enterprise Data (on page 108).
4. Uninstall the 32-bit version of Tripwire Enterprise Console that you installed in step 2.
Caution If you do not uninstall the 32-bit Console, you should disable the
TEConsole service or edit the services.properties file to ensure that
the Console cannot access TE database files. Otherwise, the 32-bit
Console may corrupt the database file of your 64-bit installation after you
upgrade it.
5. After the uninstallation process is complete, remove the Tripwire Enterprise root directory
entirely to remove any artifacts of the previous install.
Note To retain logs and old archived log messages for audit purposes, save the
/data/log/ directory.
6. Perform a fresh installation of the 64-bit version of Tripwire Enterprise Console as

described in Single-System Installation of Tripwire Enterprise Console (on page 24) or
Part II of Distributed Installation: Installing Tripwire Enterprise Console Software (on
page 37). For a distributed installation, when the installer prompts for database connection
info, enter false values. This prevents the installer from altering your database. The
installer will eventually time out and prompt you to continue with the installation. Click
Continue to proceed with the installation.
7. After installing the 64-bit version of TE Console, stop the TEConsole services using the
correct command in Managing Tripwire Enterprise Console Services (on page 115).
8. Next you will restore the TE Console configuration and (optionally) database files using
the backup files from step 3.
For a single-system installation or a distributed installation with a MySQLdatabase,
use this command to restore the configuration and database files:
<te_root>/bin/tetool restore --passphrase <services_passphrase> --safe <co
nfig_file> <database_file>
where <services_passphrase>is the Services Password entered when you installed TE

Console, <config_file> is the path to the configuration backup file from step 3, and
<database_file> is the path to the database backup file from step 3.
For all other distributed installations, use this command to restore the configuration
file:
<te_root>/bin/tetool restore --passphrase <services_passphrase> --safe <co
nfig_file>
where <services>is the Services Password entered when you installed TE Console and
<config_file> is the path to the configuration backup file from step 3.
Note The default value for the database passphrase is the Services Password for
the TEConsole.
9. After the restore is complete, start the TEConsole services using the correct command in
Managing Tripwire Enterprise Console Services (on page 115).
The TE Console should now be using native 64-bit code on a 64-bit Java Virtual Machine. After
logging in to the 64-bit system, we recommend that you create backup versions of the 64-bit
configuration and database files.
Uninstalling Tripwire Enterprise Console
Uninstalling Tripwire Enterprise Console Software

With the following procedures, you can remove Tripwire Enterprise Console software from your
Tripwire Enterprise Server. In a single-system installation, these procedures will also remove
your Tripwire Enterprise Console database.
To uninstall Tripwire Enterprise Console software via command line:

2. At a command prompt, enter:
cd <te_root>/uninstall
where <te_root> is the path to the directory in which Tripwire Enterprise Console is
installed.
Note By default, Tripwire Enterprise Console is installed in the following

directories.
Windows: C:\Program Files\Tripwire\TE\Server
Solaris 10: /opt/tripwire/te/server
All other UNIX platforms: /usr/local/tripwire/te/server
3. To run the uninstaller on a UNIX system, enter:

./uninstall
To run the uninstaller on a Windows system, enter:

uninstall.exe
4. Manually delete the Tripwire Enterprise Console installation directory (<te_root>) and its
contents.
To uninstall Tripwire Enterprise Console software from a Windows Tripwire Enterprise

Server with the Windows Start menu:
1. Click Start and select the correct path for your platform:
Programs > Tripwire Enterprise Console > Uninstall
All Programs > Tripwire Enterprise Console > Uninstall
2. Follow the prompts in the uninstaller.

3. Manually delete the Tripwire Enterprise Console installation directory and all contents.
To uninstall Tripwire Enterprise Console software from a Windows Tripwire Enterprise
Server with the Add/Remove Programs feature:
1. Log in to your Tripwire Enterprise Server with Administrator privileges.
2. From the Control Panel, select Add/Remove Programs.
3. Select Tripwire Enterprise Console.
4. Click Remove.
Uninstalling a Remote Tripwire Enterprise Console Database
With the following procedures, you can uninstall a MySQL Tripwire Enterprise Console
database from your remote database server.
Note These procedures only apply to distributed installations. To remove a MySQL

database from a single-system installation, see Uninstalling Tripwire Enterprise
Console Software on page 52.
To uninstall a remote MySQL database via command line:

1. Log in to your remote database server with root or Administrator privileges.
2. At a command prompt, enter the command for your platform.
UNIX: cd <te_root>/uninstall
Windows: cd <te_root>\uninstall
Where <te_root> is the path to the directory in which the database is installed.
Note By default, a remote MySQL database is installed in the following

directories.
Windows: C:\Program Files\Tripwire\TE\Server
Solaris 10: /opt/tripwire/te/server
All other UNIX platforms: /usr/local/tripwire/te/server
3. To run the uninstaller on a UNIX system, enter:

./uninstall
To run the uninstaller on a Windows system, enter:

uninstall.exe
4. Manually delete the Tripwire Enterprise Console installation directory and its contents.
To uninstall a remote MySQL database on a Windows system with the Add/Remove

Programs feature:
1. Log in to the Windows system with Administrator privileges.
2. From the Control Panel, select Add/Remove Programs.
3. Select Tripwire Enterprise Console.
4. Click Remove.
Chapter 2.
Installing Tripwire
Enterprise Agent
Installation Requirements for Tripwire Enterprise Agent
About Interactive and Silent Installations

Tripwire Enterprise Agent is a remote-execution environment that enables Tripwire
Enterprise Console to monitor a file server for changes. When you install TE Agent on a file
server, TE automatically creates a file server node (or Agent node) in the Node Manager.
l For more information about the creation of file server nodes, see Agent Node Creation in
the Tripwire Enterprise User Guide.
l To learn how other types of nodes are created, see Manual Node Creation in the Tripwire
Enterprise User Guide.
The Tripwire Enterprise Agent installer may be run with either of the following methods:
l With an interactive installation, you launch and complete the Tripwire Enterprise Agent
installer. In the installer, you respond to a series of questions and enter configuration
settings.
l With a silent installation, you use a command line or response file to automate the
installation process.
The End-User License Agreement

The End-User License Agreement (EULA) includes all terms and conditions for the use of
Tripwire Enterprise software. A hard copy of the EULA is provided in the packaging of
Tripwire Enterprise Console. In addition, your Tripwire Enterprise installation DVD or
electronic download includes a soft copy of the EULA (license.html).
Prior to installing Tripwire Enterprise Agent, you should first read the EULA in its entirety.
Installation of Agent software implies your consent to all terms and conditions outlined in
the EULA.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 56 Chapter 2. Installing Tripwire Enterprise Agent
Preparing for Agent Installation
Prior to installing Tripwire Enterprise Agent, complete the following steps:

l Install the Tripwire Enterprise Console software and database, as described in Chapter 1:
Installing Tripwire Enterprise Console (on page 12).
l Read the Tripwire Enterprise Agent Installation section in the Release Notes (release_
notes.html). The Release Notes are available on the Tripwire Enterprise installation
DVD.
l Ensure that the Agent host system complies with all requirements (see Requirements for
an Agent System on page 59).
Caution For a successful installation, an Agent host system must be in compliance with
all requirements. If the host system does not meet all requirements, your
installation may fail.
Once all requirements have been fulfilled, proceed to the appropriate section for your platform:
l Installing Tripwire Enterprise Agent on AIX (on page 60)

l Installing Tripwire Enterprise Agent on Apple OS X (on page 65)
l Installing Tripwire Enterprise Agent on HP-UX (on page 69)
l Installing Tripwire Enterprise Agent on Linux (on page 73)
l Installing Tripwire Enterprise Agent on Solaris (on page 77)
l Installing Tripwire Enterprise Agent on Windows (on page 83)
Services Installed with Tripwire Enterprise Agent
The tables in this section list the services installed with Tripwire Enterprise Agent. For
information on the services installed with Tripwire Enterprise Console, see Services Installed
with Tripwire Enterprise Console on page 16
Table 13. Services installed with Tripwire Enterprise Agent software
Requires
Agent Listening Firewall
Type Service Name Ports Access? Description
AIX teagent 9898 Y Incoming RMI from TE Console
1080 Y Used only if the agent is a SOCKS

proxy
teges none
HP-UX TWeagent 9898 Y Incoming RMI from TE Console

proxy
Linux twdaemon 9898 Y Incoming RMI from TE Console

proxy
OS X Tripwire Enterprise 9898 Y Incoming RMI from TE Console

Agent
proxy
Tripwire Event 1169 N Agent event queue

Generator
Solaris twdaemon 9898 Y Incoming RMI from TE Console

proxy
teges none
Windows Tripwire Enterprise 9898 Y Incoming RMI from TE Console

Agent
proxy

Service
Requirements for an Agent System
Prior to installing Tripwire Enterprise Agent software, you should first ensure that each host
system complies with the requirements in the following sections:
l Supported Platforms (below)

l Network Requirements (below)
l Additional Requirements for Specific Platforms (below)
Supported Platforms
The Tripwire Web site provides current information on:
l The operating systems on which Tripwire Enterprise Agent software may be installed.
l The operating systems on which the Tripwire Enterprise Event Generator can be installed.
An Event Generator is required for real-time monitoring of an Agent system. When you
run the TE Agent installer on a supported Solaris system, an Event Generator is
automatically installed. For all other supported platforms, the installer gives you the option
of installing an Event Generator.
For further details, see:
Network Requirements
To install Tripwire Enterprise Agent, the host system must provide a free port to listen for
communications from your Tripwire Enterprise Server. Port 9898 is the default setting.
Note If needed, you can change the communication port after installation of Tripwire
Enterprise Agent. To do so, edit the following line in the Agent properties file
(<TE_root>/data/config/agent.properties):
tw.local.port=<communication_port>
For a diagram of default ports that may be involved in a Tripwire Enterprise

implementation, see Figure 1 on page 19.
Additional Requirements for Specific Platforms
To install TE Agent on an AIX system, the system must have AIX 5.3 Technology Level 9
and Patch Level 2. To validate these requirements, run oslevel s. The return value should be
5300-09-02-0849 or higher.
To install TE Agent on a Solaris or HP-UX system, you must first install all required patches
for the platform.
Installing Tripwire Enterprise Agent
Installing Tripwire Enterprise Agent on AIX

The AIX version of the Tripwire Enterprise Agent installer is a native RPM package. The native
RPM package and usage license are embedded in the delivered binary file (te_agent.bin).
The AIX Event Generator utilizes native OS auditing as its event source. TEedits both the bin
and stream commands of the audit system to include Tripwire's event filter, so that events that
are only of interest to Tripwire are filtered from the audit log of the system. This allows you to
continue to use auditing normally in parallel with Tripwire's monitoring.
The TE Agent installer can configure the native OS auditing during installation, or after
installation you can run the configuration script (found in <te_root>/sup/rtm/ with the other
real-time monitoring components) manually.
To install Tripwire Enterprise Agent on an AIX system, see:
l Interactive Installation for AIX (below)

l Silent Installation for AIX (on page 62)
Interactive Installation for AIX
To interactively install Tripwire Enterprise Agent on an AIX system:

1. Log in to the system with root privileges.
2. For a DVD installation, copy the following file from the Tripwire Enterprise installation
DVD to a temporary directory on the local drive:
te_agent/aix/te_agent.bin
For a download installation, expand the download file to a temporary directory on the local
drive.
3. To install the software in the default installation directory
(/usr/local/tripwire/te/agent), launch the installer by entering the following
command at a command prompt:
./te_agent.bin
To install the software in a different directory, add the --install-dir option as follows:
./te_agent.bin --install-dir <installation_directory>
Note If you install the software in a directory other than the default location, make
a note of it. You will need the full path to start the Agent.
4. If AIX is not already configured for auditing, the installer will prompt:
Audit configuration should take place so that real time will work. Do you
want to allow audit configuration? [y/N]
Enter y. If you want to configure auditing after installation, enter N.
5. If either binmode and streammode are set to on in the audit configuration file, the installer
will prompt you to either leave these settings on or turn them off. Tripwire recommends
setting both of these to off, unless they are required for non-TE OS auditing.
If binmode and streammode are set to off in the audit configuration file, installation will
complete normally.
6. If you chose not to configure auditing in step 4, you should configure it now. For more
information on this process, see Post-Installation Audit Configuration on page 64.
7. (Optional)If you create a tag file for this Agent, the tags in the file will automatically be
assigned to this node when it is added to a TEConsole. See Using Tag Files to Assign
Tags to New Agents on page 87 for more information.
Follow these steps to create a tag file:
a. Create a text file named agent.tags.conf with the tags that you want to assign.
b. Copy the tag file to <te_root>/agent/data/config on the Agent system.
8. Start the Agent. For instructions, see Managing the Tripwire Enterprise Agent Service on
page 116.
Next (Optional) To encrypt all communications between the new Agent and your TE
Server in compliance with the Federal Information Processing Standardization (FIPS)
140-2 standard, see Configuring FIPS Mode (on page 124).
Silent Installation for AIX
Note By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-User
License Agreement on page 56.
To silently install Tripwire Enterprise Agent on an AIX system:

te_agent/aix/te_agent.bin
For a download installation, expand the file to a temporary directory on the local drive.
./te_agent.bin --eula accept --silent --server-host <server_host>
--server-port <server_port> --passphrase <services_password>
--rtmport <port number> --enable-audit-conf <true|false>
--turn-bin-mode-off <true|false> --turn-stream-mode-off <true|false>
To install the software in a different directory, add the following option:

--install-dir <installation_directory>
For command-line component definitions, see Table 14 on the next page.
page 116.
Table 14. Command-line components for AIX silent installations
Command-line
Component Description
--eula accept Indicates your agreement with the Tripwire EULA.
--enable- (Optional) Tells the installer to configure AIX for auditing. If set to false, you must
audit-conf manually configure auditing after the installation. For more information, see Post-
Installation Audit Configuration on the next page.
<true|false>
Note: This setting must be used in conjunction with the--rtmport, --turn-bin-
mode-off, and --turn-stream-mode-off settings.
--enable-fips (Optional) Enables FIPS mode for the Agent.

Note: For an introduction to FIPS mode, see Configuring FIPS Mode on page 124.
--http-port (Optional) If you enable FIPSmode for the Agent with --enable-fips, you must
<http_port> include this option to specify the HTTP port on your TE Server (8080 by default).
--install-dir (Optional) The full path to a non-default installation directory.

<installation_
directory>
--passphrase The same Services Password entered when Tripwire Enterprise Console was
installed.
<services_
password>
--proxy-host (Optional) The hostname or IP address of a Tripwire Enterprise proxy.

<proxy_host>
--proxy-port (Optional) The number of the port on a Tripwire Enterprise proxy with which TE will
communicate with the proxy.
<proxy_port>
Note: For more information about proxies, see Configuring a Tripwire Enterprise
Proxy for Agent Communication on page 102.
--rtmport (Optional) The real-time monitoring port (1169 by default).

<port number>
Note: This setting must be used in conjunction with the --enable-audit-conf,
--turn-bin-mode-off, and --turn-stream-mode-off settings.
--server-host The hostname or IP address of your Tripwire Enterprise Server.

<server_host>
--server-port The number of the services port on your Tripwire Enterprise Server (9898 by
default).
<server_port>
Note: You specified the services port when you installed Tripwire Enterprise
Console. The Tripwire Enterprise Server communicates with all Agents via the
services port.
--tmp-dir (Optional) Specifies an alternative temporary directory for the installation.

<temporary_
directory>
Command-line
--turn-bin- (Optional) Turns AIX auditing binmode on or off. Tripwire recommends setting this
mode-off to true (unless binmode is required for non-TE OS Auditing).
<true|false>
--rtmport, and --turn-stream-mode-off settings.
--turn-stream- (Optional) Turns AIX Auditing streammode on or off. Tripwire recommends setting
mode-off this to true (unless streammode is required for non-TE OS Auditing).
<true|false>
--turn-bin-mode-off, and --rtmport settings.
Post-Installation Audit Configuration
If you did not configure AIXaudit configuration during the TEAgent installation process, run
the following script from the command line of the AIXAgent system:
<te_root>/sup/rtm/teauditconfig
If either binmode or streammode are on, you will be prompted to either leave them on or turn
them off. Tripwire recommends turning these off, unless they are required for non-TE OS
auditing.
Restoring Audit Configuration Files
When an AIXAgent is installed, it changes some AIXaudit configuration files (bincmds,

config, and streamcmds) and creates backup copies of the originals. The backup files have a
date stamp appended to the filename (for example, bincmds.25-Mar-2011-05.42.27).
If you uninstall the Agent or want to disable real-time monitoring, you should restore the
modified audit configuration files using the backup copies.
To restore your audit configuration files:

1. Log in to the AIX system with root privileges.
2. Enter the following command:
cd /etc/security/audit
3. Use commands like the following to restore the bincmds, config, and streamcmds files:
a. mv bincmds bincmds.tw
b. mv bincmds.<datestamp> bincmds
4. Review the contents of each file to verify that it is correct.
Installing Tripwire Enterprise Agent on Apple OS X
The OS X version of the Tripwire Enterprise Agent installer is available in two forms:
l a text-based command line installer (te_agent.bin), a native OS X package with the

package and usage license embedded in the binary file
l a GUI installer/configuration tool (te_agent.dmg), a native OS X disk image file that
contains the Agent installer app. The package and usage license are embedded in the app
file (Tripwire Enterprise Agent.app).
To install Tripwire Enterprise Agent on an OS X system, see:
l Interactive Installation for OS X (below)

l Silent Installation for OS X (on page 67)
Interactive Installation for OS X
Note Java Runtime Environment (JRE) version 1.6.0_37 or later must be installed on an
OS Xsystem before TE Agent can be installed. For information on installing a JRE,
see your OS Xsystem documentation or contact Apple Support.
To interactively install Tripwire Enterprise Agent on an OS X system:

2. For a DVD installation, copy the appropriate file from the Tripwire Enterprise installation
Command-line installer:te_agent/macosx/te_agent.bin
GUIinstaller:te_agent/macosx/te_agent.dmg
For a download installation, expand the download file to a directory on the local drive.
3. For the command-line installer, use the following command to launch the installer:
./te_agent.bin
For the GUI installer, double-click on the te_agent.dmg file to open it, then double-click
the Tripwire Enterprise Agent.app file.
With either installation method, the software is installed to
/usr/local/tripwire/te/agent and this location cannot be changed.
4. Follow the on-screen instructions to complete the installer.
Note If you install the Event Generator, you can monitor the Agent system in real
time. For more details, see How Does an Event Generator Collect Audit
Events? in the Tripwire Enterprise User Guide.
6. Start the Agent with the following command:

launchctl start com.tripwire.te.agent
If you need to stop the Agent, use this command:

launchctl stop com.tripwire.te.agent
Silent Installation for OS X
Notes Java Runtime Environment (JRE) version 1.6.0_37 or later must be installed on an
OS Xsystem before TE Agent can be installed. For information on installing a
JRE, see your OS Xsystem documentation or contact Apple Support.
By installing Tripwire Enterprise Agent software, you consent to all terms and
conditions outlined in the Tripwire EULA. For more information, see The End-
User License Agreement on page 56.
To silently install Tripwire Enterprise Agent on an OS X system:

te_agent/macosx/te_agent.bin
3. Use the following command to launch the installer:
For descriptions of command-line components, see Table 15 on the next page. The
software is installed to /usr/local/tripwire/te/agent and this cannot be changed.
By default, the installer also installs an Event Generator that uses port 1169 to
communicate with Tripwire Enterprise Agent. To specify a different port, add:
--install-rtm true --rtmport <EG_port>
5. Start the Agent with the following command:

launchctl start com.tripwire.te.agent
If you need to stop the Agent, use this command:

launchctl stop com.tripwire.te.agent
Table 15. Command-line components for OS X silent installations
Command-line

--install-rtm (Optional) By default, the installer installs an Event Generator that communicates
with Tripwire Enterprise Agent via port 1169. To use a different port, enter this
[true|false]
option with a value of true, and specify the port with the --rtmport option.
To prevent the installation of an Event Generator, enter this option with a value of
false.
Note: If you enter false, you can always install the Event Generator at a later time
(see Managing the Event Generator Service on page 118).
installed.
<services_
password>

<proxy_host>
<proxy_port>
--rtmport (Optional) If you enter a --install-rtm option, you can use this option to
<EG_port> specify a non-default port for communications between the Event Generator and
Tripwire Enterprise Agent. (The default port is 1169.)

<server_host>
default).
<server_port>
Console software on your Tripwire Enterprise Server. The TE Server communicates
with all Agents via the services port.

<installation_
directory>
Installing Tripwire Enterprise Agent on HP-UX
The HP-UX version of the Tripwire Enterprise Agent installer is a native SD-UX package
(.depot) named te_agent.depot.
To install Tripwire Enterprise Agent on an HP-UX system, see:
l Interactive Installation for HP-UX (below)

l Silent Installation for HP-UX (on page 71)
Interactive Installation for HP-UX
To interactively install Tripwire Enterprise Agent on an HP-UX system:

2. For a DVD installation, copy one of the following files from the Tripwire Enterprise
installation DVD to a temporary directory on the local drive.
l For Itanium IA-64: agent/hpux/ia64/te_agent.depot
l For PA-RISC: agent/hpux/pa-risc/te_agent.depot
/usr/sbin/swinstall -s <depot_file_path>/te_agent.depot -x ask=true
TWeagent
where <depot_file_path> is the absolute path to the depot file on your Tripwire
Enterprise installation DVD (or in your download archive).
To install the software in a different directory, replace TWeagent with the following value:
TWeagent:<installation_directory>/
The -x ask=true option is required in order to prompt the user for

configuration options.
page 116.
Silent Installation for HP-UX
To silently install Tripwire Enterprise Agent on an HP-UX system, complete the following
tasks:
Step 1. Converting the Depot File (below)

Step 2. Creating a Response File (below)
Step 3. Installing Tripwire Enterprise Agent (on the next page)
Step 1. Converting the Depot File
To convert the depot package file (te_agent.depot) from tape format to a file system
layout format:
1. Log in to the HP-UX system with root privileges.
2. At a command prompt, enter the following command:
/usr/sbin/swcopy -s <depot_file_path>/te_agent.depot \*
where <depot_file_path> is the absolute path to the depot file on your Tripwire
Enterprise installation DVD (or in your download archive).
Step 2. Creating a Response File
With an interactive installation, you provide answers to a series of questions presented by the
Tripwire Enterprise Agent installer. With a silent installation on an HP-UX system, you enter
your answers in a response file prior to installation. When you install the Agent (in Step 3.
Installing Tripwire Enterprise Agent on the next page), the installer automatically gathers the
required information from the response file.
This procedure creates a response file in the following location:
/var/spool/sw/catalog/TWeagent/TWeagent_FILES/response
To create a response file for silent installation of Tripwire Enterprise Agent on an HP-UX
system:
2. Enter the following swask command to generate the response file:
/usr/sbin/swask -s /var/spool/sw TWeagent
3. Follow the on-screen instructions to complete the response file.
Step 3. Installing Tripwire Enterprise Agent
To silently install Tripwire Enterprise Agent on an HP-UX system:

(/usr/local/tripwire/te/agent), enter the following swinstall command at a
command prompt:
/usr/sbin/swinstall -s /var/spool/sw TWeagent
To install the software in a different directory, replace TWeagent with the following value:
TWeagent:<installation_directory>/
page 116.
Installing Tripwire Enterprise Agent on Linux
The Linux version of the TE Agent installer is a native RPM package. The native RPM package
and usage license are embedded in the delivered binary file (te_agent.bin). To install TE
Agent on a Linux system, see:
l Interactive Installation for Linux (below)

l Silent Installation for Linux (on page 75)
Interactive Installation for Linux
To interactively install Tripwire Enterprise Agent on a Linux system:

2. For a DVD installation, copy the following file from the TE installation DVD to a
temporary directory on the local drive:
l For 32 bit: te_agent/linux/i386/te_agent.bin
l For 64 bit: te_agent/linux/x86_64/te_agent.bin
For a download installation, expand the appropriate zip file (32-bit or 64-bit) to a
temporary directory on the local drive.
./te_agent.bin
To install the software in a different directory, enter:

./te_agent.bin --install-dir <installation_directory>
Notes If you install the software in a directory other than the default location, make
If you install an Event Generator with the Agent, you can monitor the Agent
system in real time. For more details, see How Does an Event Generator
Collect Audit Events? in the Tripwire Enterprise User Guide.

page 116.
Silent Installation for Linux
To silently install Tripwire Enterprise Agent on a Linux system:

l For 32 bit: te_agent/linux/i386/te_agent.bin
l For 64 bit: te_agent/linux/x86_64/te_agent.bin
To install the software in a different directory, add the following option:

--install-dir <installation_directory>
By default, the installer also installs an Event Generator that uses port 1169 to
communicate with Tripwire Enterprise Agent. To specify a different port, add the
following options:
--install-rtm true --rtmport <EG_port>
For descriptions of command-line components, see Table 16 on the next page.
page 116.
Table 16. Command-line components for Linux silent installations
Command-line

--install-dir (Optional) The full path to a non-default installation directory.

<installation_
directory>
--install-rtm (Optional) By default, the installer installs an Event Generator that communicates
with Tripwire Enterprise Agent via port 1169. To use a different port, enter this
[true|false]
option with a value of true, and specify the port with the --rtmport option.
To prevent the installation of an Event Generator, enter this option with a value of
false.
Note: If you enter false, you can always install the Event Generator at a later time.
For instructions, see Managing the Event Generator Service on page 118.
installed.
<services_
password>

<proxy_host>
<proxy_port>
--rtmport <EG_ (Optional) If you enter a --install-rtm option, you can use this option to
port> specify a non-default port for communications between the Event Generator and
Tripwire Enterprise Agent. (The default port is 1169.)

<server_host>
default).
<server_port>
Console software on your Tripwire Enterprise Server. The TE Server communicates
with all Agents via the services port.

<installation_
directory>
Installing Tripwire Enterprise Agent on Solaris
The Solaris version of the Tripwire Enterprise Agent installer is a native Solaris package. The
package and usage license are embedded in the package file (te_agent.pkg).
To install Tripwire Enterprise Agent on a Solaris system, see:
l Interactive Installation for Solaris (below)

l Silent Installation for Solaris (on page 80)
Interactive Installation for Solaris
To interactively install Tripwire Enterprise Agent on a Solaris system:

1. Log in to the system with root privileges or a local, non-root user account that has been
assigned the Software Installation profile with the following command:
usermod -P "Software Installation" <username>
Tip To grant a non-root user account the ability to access files and directories that
would otherwise be unreadable, add the following command:
usermod -K defaultpriv=basic,file_dac_read,
file_dac_search <username>
Where <username> is the name of the user account. For more information
about Solaris Role-Based Access Controls, see the rbac(5) and privileges(5)
Solaris man pages.
l For SPARC: te_agent/solaris/sparc/te_agent.pkg
l For x86: te_agent/solaris/x86/te_agent.pkg
drive.
3. Launch the installer with one of the following commands.
If you logged in with root privileges, enter:
pkgadd -d <pkg_file_path>/te_agent.pkg TWeagent
If you logged in with a local user account, enter:

/usr/bin/pfexec /usr/sbin/pkgadd -d <pkg_file_path> TWeagent
where <pkg_file_path> is the path to the temporary directory.
page 116.
7. If the Agent will use a TE Event Generator for real-time monitoring in a non-global zone,
complete the steps in Configuring the Global Event Source for Non-Global Zones (on the
next page).
Configuring the Global Event Source for Non-Global Zones
When you install TE Agent on a Solaris system's global zone, the Global Event Source is
included with the installation. If you want to run the TE Event Generator on a Solaris
system, you must configure the Global Event Source on the system's global zone. The
Global Event Source gathers operating system events and makes them available to the
Event Generator. In turn, the Event Generator forwards the events to the Agent.
On a Solaris 10 system, the SUNWzoner and SUNWzoneu packages are required to run the
TEEvent Generator. If you are using the Solaris Live Update feature, you may also want to
install the SUNWluzone package.
To enable the Global Event Source once TE Agent has been installed on a Solaris
system, run the following command on the system's global zone:
svcadm enable teges
To configure the Global Event Source, complete the following steps for each non-
global zone:
1. In the zonecfg file, edit the zone's configuration as follows:
zonecfg -z <zone_name>
2. Run the following commands:

add fs
set dir=/opt/tripwire/doors
set special=/opt/tripwire/doors
set type=lofs
end
commit
exit
3. Run one of the following commands.

To reboot the zone, run zlogin <zone_name> reboot
To create and mount an LOFS directory (without rebooting), run:
mkdir -p <zone_path>/root/opt/tripwire/doors
mount -F lofs /opt/tripwire/doors <zone_path>/root/opt/tripwire/doors
Silent Installation for Solaris
To silently install Tripwire Enterprise Agent on a Solaris system, complete the following tasks:
Step 1. Creating a Response File (below)

Step 2. Creating an Admin File (on the next page)
Step 3. Adding the Package File (on page 82)
Step 1. Creating a Response File
With an interactive installation, you provide answers to a series of questions presented by the
Tripwire Enterprise Agent installer. With a silent installation on a Solaris system, you enter your
answers in a response file prior to installation. When you install the Agent (in Step 3. Adding the
Package File on page 82), the installer automatically gathers the required information from the
response file.
To create a response file for a Solaris system:

1. Log in to the system with root privileges or a local, non-root user account that has been
assigned the Software Installation profile.
usermod -P "Software Installation" <username>
Tip To assign root-level, file-read privileges to a local, non-root user account, log
in with root privileges and run the following command:
usermod -K defaultpriv=basic,file_dac_read,
file_dac_search <username>
Where <username> is the name of the local user account. For more
information, see the usermod(1M) and pfexec(1) Solaris man pages.
l For SPARC: te_agent/solaris/sparc/te_agent.pkg
l For x86: te_agent/solaris/x86/te_agent.pkg
drive.
3. Launch the installer with one of the following commands.
If you logged in with root privileges, enter:
pkgask -d <pkg_file_path>/te_agent.pkg
-r <response_file_path>/response_file TWeagent
If you logged in with a local user account, enter:

/usr/bin/pfexec /usr/sbin/pkgask -d <pkg_file_path>/te_agent.pkg
For command-line component definitions, see Table 17.

5. If the Agent will use a TE Event Generator for real-time monitoring in a non-global zone,
complete the steps in Configuring the Global Event Source for Non-Global Zones on page
79.
Table 17. Command-line components for the Solaris response file
Command-line Component Description
-d <pkg_file_path> The full path name of the directory to which you copied the Solaris
package file ( te_agent.pkg).
-r <response_file_path> The full path name of the directory in which the response file
( response_file) will be created.
Step 2. Creating an Admin File
An admin file defines how the pkgadd utility installs packages on a Solaris system. To silently
install Tripwire Enterprise Agent on a Solaris system, you must create a customized copy of the
systems default admin file.
To create a customized admin file:

1. Locate the following default admin file:
/var/sadm/install/admin/default
2. Copy the default admin file to another local directory. Name the new file admin_file.
3. Edit admin_file to match the following content:
#ident "@(#)default 1.4 92/12/23 SMI" /* SVr4.0 1.5.2.1 */
mail=
instance=overwrite
partial=ask
runlevel=ask
idepend=ask
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=nocheck
basedir=default
Step 3. Adding the Package File
1. To add the Solaris package file (te_agent.pkg), enter one of the following commands at a
command prompt on the Solaris system.
If you created the response file with root privileges (see Step 1. Creating a Response
File on page 80), enter:
pkgadd -n -r <response_file_path>/response_file
-a <admin_file_path>/admin_file -d <pkg_file_path>/te_agent.pkg TWeagent
If you created the response file with a local user account, enter:
/usr/bin/pfexec /usr/sbin/pkgadd -d <pkg_file_path>/te_agent.pkg
For command-line component definitions, see Table 18 (below).

Tags to New Agents on page 87 for more information. To create a tag file:
page 116.
Table 18. Command-line components for the Solaris package file
Command-line Component Description
-a <admin_file_path> The full path name of the directory containing the admin file
( admin_file).
-d <pkg_file_path> The full path name of the directory containing the package file
( te_agent.pkg).
-r <response_file_path> The full path name of the directory containing the response file
( response_file).
Installing Tripwire Enterprise Agent on Windows
The Windows Tripwire Enterprise Agent installer uses Microsoft Windows Installer (.msi)
technology to implement a native installer package, a single file package named te_agent.msi.
To install Tripwire Enterprise Agent on a Windows system, see:
l Interactive Installation for Windows (below)

l Silent Installation for Windows (on the next page)
Interactive Installation for Windows
To interactively install Tripwire Enterprise Agent on a Windows system:

1. Log in to the system with Administrator privileges.
Tags to New Agents on page 87 for more information. To create a tag file:
a. On the Agent system, create a directory at:
C:\Program Files\Tripwire\TE\Agent\data\config
or at an equivalent location if you are installing TEAgent to a non-default location.

b. Create a text file named agent.tags.conf in this directory with the tags that you
want to assign.
3. For a DVD installation, navigate to the appropriate directory for your platform:
For 32-bit: \te_agent\windows\i386
For 64-bit: \te_agent\windows\x86_64
For a download installation, expand the appropriate zip file (32-bit or 64-bit) to a
temporary directory on the local drive.
4. Launch the installer by executing the te_agent.msi file. Follow the on-screen instructions
to complete the installer.
Note If you install the Event Generator, you can monitor the Agent system in real
time. For more details, see How Does an Event Generator Collect Audit
Events? in the Tripwire Enterprise User Guide.
5. If you did not select the Start Agent after installation check box in the installer,
complete the steps in Managing the Tripwire Enterprise Agent Service on page 116.
Silent Installation for Windows
To silently install Tripwire Enterprise Agent on a Windows system:

The tag file must be present before the Agent starts for the first time. If you want the
installer to start the Agent after installation (the default behavior), you must create the tag
file before running the installer:
a. On the Agent system, log in with Administrator privileges and create a directory at
C:\Program Files\Tripwire\TE\Agent\data\config
or at an equivalent location if you are installing TEAgent to a non-default location.

b. Create a text file named agent.tags.conf in this directory with the tags that you
want to assign.
Note If you plan to start the Agent manually after installation and set
START_AGENT=false in step 2, you can create the tag file as described above
after running the installer.
2. Run the following command on the Agent's command line:

te_agent.msi /qn TE_SERVER_HOSTNAME=<server_host>
TE_SERVER_PORT=<server_port> SERVICES_PASSWORD=<services_password>
START_AGENT=[true|false] INSTALLDIR=<install_path> INSTALL_RTM=[true|false]
RTMPORT=<Event_Generator_port> ACCEPT_EULA=[true|false]
For command-line component definitions, see Table 19 on the next page.
Notes All command-line components are case sensitive.
The TE_SERVER_PORT, START_AGENT, INSTALLDIR, and INSTALL_RTM parameters are

optional since they have default values. Otherwise, all of the options are required
in order to have a functional installation.
Table 19. Command-line components for Windows silent installations
Command-line
ACCEPT_EULA= If you agree to the terms of the Tripwire EULA, enter true. If you do not
[true|false] agree to the terms, you cannot install Tripwire Enterprise Agent.
INSTALLDIR= (Optional) By default, the command installs the software to:

<install_path> C:\Program Files\Tripwire\TE\Agent\
To install Tripwire Enterprise Agent in a non-default directory, enter this
option with the full path to the directory.
Note: If you install the software in a directory other than the default
location, make a note of it. You will need the full path to start the Agent.
INSTALL_FIPS= (Optional) Enables FIPS mode for the Agent.

[true|false] Note: For an introduction to FIPS mode, see Configuring FIPS Mode on
page 124.
INSTALL_RTM= (Optional) If you want to conduct real-time monitoring of the Agent

system, you must install the Tripwire Event Generator.
[true|false]
To install the Event Generator, enter true (default setting).
Note: If you enter false, you can always install the Event Generator at a
later time (see Managing the Event Generator Service on page 118).
RTMPORT= (Optional) If you install an Event Generator (EG) with the INSTALL_RTM
<Event_Generator_port> command, the EG communicates with the Agent via port 1169 by
default. To use a different port, enter the port number here.
SERVICES_PASSWORD= The same Services Password entered when Tripwire Enterprise Console
was installed.
<services_password>
START_AGENT= (Optional) To automatically start the Agent following installation, enter

[true|false] true (default setting).
If you enter false, you will need to start the Agent following installation
(see Managing the Tripwire Enterprise Agent Service on page 116).
TE_PROXY_HOSTNAME= (Optional) The hostname or IP address of a Tripwire Enterprise proxy.

<te_proxy_hostname>
TE_PROXY_PORT= (Optional) The number of the port on a Tripwire Enterprise proxy with
which TE will communicate with the proxy.
<te_proxy_port>
Note: For more information about proxies, see Configuring a Tripwire
Enterprise Proxy for Agent Communication on page 102.
TE_SERVER_HOSTNAME= The hostname or IP address of your Tripwire Enterprise Server.

<server_host>
TE_SERVER_HTTP_PORT= (Optional) If you enable FIPSmode for the Agent with INSTALL_FIPS,
<http_port> you must include this option to specify the HTTP port on your TE Server
(8080 by default).
Command-line
TE_SERVER_PORT= (Optional) The number of the services port on your Tripwire Enterprise
Server (9898 by default).
<server_port>
Note: You specified the services port when you installed Tripwire
Enterprise Console. The Tripwire Enterprise Server communicates with all
Agents via the services port.
Using Tag Files to Assign Tags to New Agents
Starting with Tripwire Enterprise 8.3.7, tag files can be deployed with new TEAgent
installations to simplify onboarding of new systems. A tag file is a text file on an Agent system
that specifies tags to be assigned to the asset the first time it is added to a TEConsole.
Tag files can be useful when automatic tagging profiles alone are not sufficient to tag assets, for
example in cases when different assets share the same IP address or hostname.
Note For more information on tags, tagging profiles, and how they can be used in TE, see
Getting Started with Tags in the Tripwire Enterprise User Guide.
Consider the following points when using tag files:
l Specific instructions for deploying tag files on each platform are in the TEAgent
installation procedures in Chapter 2: Installing Tripwire Enterprise Agent (on page 55).
l Tag files must be named agent.tags.conf, and must be located in the Agent system's
<te_root>/agent/data/config directory. The format for a tag file is specified in Tag
File Format (below).
l A tag file must be present before the Agent has started for the first time, and the tags in
the file are only assigned the first time the asset is added to a TE Console. Subsequent
restarts will not add tags or modify the tags already assigned.
l Tags in a tag file are added in addition to the system tags (Operating System, Status,
etc.) that are automatically assigned when an asset is added to TEConsole.
l Tags and tag sets used in the tag file must already exist within a TE Console when the
asset is added. If new tags or tag sets are included in a tag file, no tags in the file will be
assigned, and the Console will generate an error.
l Only user-created tags and tag sets can be added using a tag file. If system tag sets or
operational tag sets are included in a tag file, they will be ignored.
l If an asset's tag file contains errors when it is added to TEConsole, the asset is tagged
with a Health:Uncategorized Error tag. In addition, an error message with the category
Asset View Change will be added to the Log Manager and teserver.log file.
Tag File Format

One tag set and tag name are allowed per line of the tag file, using the following format:
<tag_set_name>:<tag>
For example:
Purpose:Application
Importance:Critical
Policy:CIS
Comments can be included in the tag file if they are preceded by a # character. For example:
# Comment about the file

Purpose:Application
Importance:Critical
Policy:CIS
Special characters can be used in tag sets and tag names, but the : and # characters must be
escaped with the \ character if they are used. White space will be ignored in the tag set and tag
declaration. For example:
# White Space
Purpose: Application
# Hash Tag
\#HashTagSet:Hash\#Tag
# Colon
\:ColonTagSet:Colon\:Tag
Upgrading Tripwire Enterprise Agents
To upgrade a Tripwire Enterprise Agent, complete the following steps:
Step 1. Install Agent Update Packs (on the next page)

Step 2. Upgrade Tripwire Enterprise Agent Software (on page 91)
During an upgrade, Tripwire Enterprise will install either the 32-bit or 64-bit Tripwire Agent
software, matched to the operating system of the Agent system. If you want to upgrade 32-bit
Agent software on a 64-bit operating system, you must manually uninstall and re-install the
Agent software.
Note You cannot use this procedure to upgrade an Agent on a platform that is not
supported by the current version of Tripwire Enterprise. For a complete list of
supported platforms for the current TE release, see:
http://www.tripwire.com/register/
tripwire-enterprise-platform-and-device-support
If you upgrade an Agent running a platform that supports Event Generators (see Supported
Platforms on page 59), Tripwire Enterprise also:
1. Installs an Event Generator on the Agent system,

2. Enables audit-event collection and real-time monitoring (RTM) for the Agent, and
3. Specifies port 1169 (TCP) as the port on the Agent system to be used by Tripwire
Enterprise for all communications with the Event Generator.
You can override this default behavior for Windows Agents by uploading a properties file (in the
procedure below)containing one or both of the following lines:
install_rtm=false
rtm_port=<port_number>
Where:
install_rtm=false prevents the installation of Event Generators, and
<port_number> specifies a port other than 1169.
Notes When upgrading an Agent on a Solaris 10 system, the install_rtm option cannot
be used to prevent the installation of an Event Generator. An Event Generator is
always installed.
When upgrading an Agent on an AIXsystem, Tripwire does not recommend

setting the install_rtm flag to false in the properties file, even if you do not
intend to use real-time monitoring or Event Generator functionality with the Agent.
If you do not want to use real-time monitoring, shut down the Event Generator
(stopsrc s teeg) after upgrading the Agent.
Step 1. Install Agent Update Packs
To upgrade Tripwire Enterprise Agent, you must first install Agent update packs on your
Tripwire Enterprise Server.
To install Agent update packs on a UNIX or Linux TE Server, log in as a privileged user
and run the following commands:
1. To create a local directory for the Agent update packs, enter:
mkdir /usr/local/tripwire/te/server/lib/updaters
chown tripwire:tripwire /usr/local/tripwire/te/server/lib/updaters
2. To copy the Agent update pack directory from your Tripwire Enterprise installation DVD
(or Web download) to the Tripwire Enterprise Console installation directory, enter:
cp -r updaters/* /usr/local/tripwire/te/server/lib/updaters
Note Do not unzip the files. The installer will unzip the files automatically at a
later point.
3. To change directories to the Agent update pack directory, enter:

cd /usr/local/tripwire/te/server/lib/updaters
4. To configure the user permissions for all contents of the Agent update pack directory,
enter:
chmod 0444 *
chown tripwire:tripwire *
To install Agent update packs on a Windows TE Server:

1. Create the following directory.
C:\Program Files\Tripwire\TE\Server\lib\updaters
2. Copy all zip files from the Agent update pack directory (updaters) on your Tripwire
Enterprise installation DVD (or Web download) to the new updaters directory on the TE
Server.
Note Do not unzip the files. The installer will unzip the files automatically at a
later point.
3. To configure the user permissions for the updaters directory on the TE Server:
a. In Windows Explorer, right-click the directory and select Properties.
b. In the Properties dialog, clear (disable) the read-only attribute and verify that the
Administrators user group has the Full Control permission.
Step 2. Upgrade Tripwire Enterprise Agent Software
Notes When upgrading an Agent on a Solaris system, the procedure in this section does
not allow you to change the user account with which the Agent is running. For
more information, see Installing Tripwire Enterprise Agent on Solaris on page 77.
To upgrade an Agent on a Solaris system, the upgrade must run as the root user,
and root must be added as an authorized user to the at.allow file. If you edit this
file, you may need to create a policy waiver for some Tripwire-published policies.
To upgrade Tripwire Enterprise Agent software on one or more Agent systems, complete
the following steps in the Tripwire Enterprise interface:
1. In the Manager bar, click NODES.
2. In the tree pane, select the node group that contains the Agent nodes for the systems to be
upgraded.
3. To upgrade specific Agents, select the check box of each Agent node (or node group) in
the main pane.
To upgrade all Agents displayed in the selected node group, do not select any check
boxes.
4. Click Modify > Upgrade.

5. In the Upgrade Agents dialog, click Next.
6. (Optional) To upload a properties file:
a. Click Select.
b. Click Browse.
c. In the Choose File dialog, select the file and click Open.
d. Click Upload.
7. Click Finish.
Tip If an error occurs, Tripwire Enterprise will generate an Error message in the
Log Manager. To begin troubleshooting, review the Error message.
8. For AIXsystems only, perform the following steps to enable real-time and Event
Generator functionality:
a. Log into the AIX box with root privileges.
b. Run <te root>/sup/rtm/teauditconfig.
c. Start GES (startsrc -s teges).
Uninstalling Tripwire Enterprise Agent
To uninstall Tripwire Enterprise Agent:
1. Log in to the system with root or Administrator privileges.
2. At a command prompt, enter the appropriate command.
UNIX and OSX: <te_root>/bin/uninstall.sh [--removeall] [--force]
Windows: <te_root>\bin\uninstall.cmd [--removeall] [--force]
For descriptions of command options, see Table 20.
Note On a Windows system, Tripwire Enterprise can also be removed with the
Add/Remove Programs feature in the Control Panel.
3. For AIXsystems only, restore the AIXaudit configuration files. For more information,
see Restoring Audit Configuration Files on page 64.
Table 20. Uninstall command options
Options Description
--force If you enter the --removeall option, this option removes the files and directories
without presenting any confirmation prompts.
--removeall Removes all files and directories contained in the Tripwire Enterprise installation
directory ( <te_root>). If you omit this option from the command, the uninstaller will
retain some of the installation directorys contents, including some Tripwire Enterprise
configuration files and temporary data.
Chapter 3.
Logging In
Login Overview
Following installation of Tripwire Enterprise Console, you can access Tripwire Enterprise from
any machine that has a supported Web browser and network access to your Tripwire Enterprise
Server. For a list of supported Web browsers, see Supported Web Browsers for Tripwire
Enterprise on page 23.
The initial login procedure depends upon which method was used to install Tripwire Enterprise
Console:
l If you installed Tripwire Enterprise Console for the first time (no upgrade from a previous
version), see Logging In to a New Tripwire Enterprise Installation on the next page.
l If you upgraded from Tripwire Enterprise/Server, see Logging In to an Upgraded Tripwire
Enterprise Installation on page 96.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 94 Chapter 3. Logging In

Logging In to a New Tripwire Enterprise Installation
Follow this procedure if you installed Tripwire Enterprise Console for the first time (in other
words, if you did not upgrade from a previous version). New Tripwire Enterprise installations
use the Fast Track interface to help you quickly to configure TE.
Note If you experience problems logging in to the software, contact Tripwire Technical
Support for assistance.
To log in to a new Tripwire Enterprise Console installation:

1. Open a Web browser on any system networked with your Tripwire Enterprise Server.
2. Enter the following URL:
https://<TE_Server_hostname>:<port>
where:
<TE_Server_hostname> is the hostname or IP address of your TE Server, and
<port> is the Web Services port number entered when TE Console was installed.
For example:
https://watchdog.example.com:443
Tip Be sure to enter https (not http) in the URL.
3. Enter the services passphrase, then change the default passphrase for the TE
administrator user account. TEConsole will restart.
4. Log in to TEusing the administrator account you just created.
5. Use the Fast Track interface to configure Tripwire Enterprise and create a personal user
account. At the end of Fast Track, you will be logged in to TEusing this account.
Next To begin using the software, see the Tripwire Enterprise User Guide. A PDF
version is available in the docs directory on the Tripwire Enterprise installation
DVD. You can also view User Guide content in the online help, which can be
accessed by clicking Help in any Tripwire Enterprise Manager.
For more information about configuring and maintaining your Tripwire Enterprise
implementation, see:
l Chapter 4: Post-Installation Configuration (on page 98)

l Chapter 5: Maintenance Procedures (on page 106)

Logging In to an Upgraded Tripwire Enterprise Installation
To log in to a Tripwire Enterprise installation that was upgraded from a previous version:
1. Open a Web browser on any system networked with your Tripwire Enterprise Server.
2. Before logging in, clear your browser cache. (Residual files from your previous
installation may interfere with the current version of Tripwire Enterprise Console.)
3. Enter the following URL:
https://<TE_Server_hostname>:<port>
where:
<TE_Server_hostname> is the hostname or IP address of your TE Server, and
<port> is the Web Services port number.
For example:
https://watchdog.example.com:443
Note The hostname and port number were entered when you originally installed
Tripwire Enterprise Console.
4. Your browser may display a security alert about the softwares security certificate. To
proceed, accept the certificate.
5. If you have not changed the default password for the administrator user account, you
must enter the services passphrase and then enter a new passphrase for the
administrator account. After entering a new passphrase, TEConsole will restart.
6. In the login dialog, log in with the username and password for any previous Tripwire
Enterprise user account.
Note By default, Tripwire Enterprise displays times and dates in United States
English format. In the Locale drop-down, each locale is listed twice: once in
the native language of the locale, and once in the language specified by the
locale of the local machine.
To display times and dates in a different locale, change the locale setting
when you log into the software. (If you select a Japanese locale, Tripwire
Enterprise also displays Japanese text in the user interface.)

7. If you upgraded from a Tripwire Enterprise implementation that included any policy tests,
the tests will continue to run as before. However, to enable Policy Manager features, you
must import a license file containing Configuration Assessment licenses:
a. In the tree pane of the Settings Manager, click Licenses.

b. Click Add License.
c. In the Add License dialog, locate and select the license file, and then click OK.
Next If your previous Tripwire Enterprise implementation included policy tests, and you
want to import the latest policy files from the Tripwire Web site, see What are Pre-
Configured Rules and Policies? in the Tripwire Enterprise User Guide.
For more information about configuring and maintaining your Tripwire Enterprise
implementation, see:
l Chapter 4: Post-Installation Configuration (on page 98)

l Chapter 5: Maintenance Procedures (on page 106)
For additional information, see the Tripwire Enterprise User Guide. A PDF version
is available in the docs directory on the Tripwire Enterprise installation DVD. You
can also view User Guide content in the online help, which can be accessed by
clicking Help in any Tripwire Enterprise Manager.

Chapter 4.
Post-Installation
Configuration
Configuring Tripwire Enterprise Inside a Network Address
Translation (NAT) Environment
Network Address Translation (NAT) is an Internet standard that enables a local-area network
(LAN) to use one set of IP addresses for internal traffic and a second set of addresses for
external traffic. Positioned between the LAN and the Internet, a NAT server translates any
internal IP addresses embedded in communications that pass between internal and external
systems. By preventing the exposure of internal IP addresses to external sources, NAT enhances
the security of an organizations network.
Note A DNS server is not required for a Tripwire Enterprise (TE) implementation in a
NAT environment. However, if your environment does use DNS, be sure that each
TE system outside of the NAT resolves the systems hostname to the NAT servers
IP address. In other words, the TE system inside the NAT must resolve the
hostname to itself.
To configure a Tripwire Enterprise system (either a TE Server or TE Agent) positioned

inside a NAT environment:
1. Configure the NAT server to forward inbound communications to the RMI and HTTP
ports (9898 and 8080 by default) used by TE.
2. On the TE system:
a. Open the hosts file. By default, this file is stored in the following directories.
Windows: \WINDOWS\System32\drivers\etc\
UNIX/Linux/OSX: /etc/
b. Delete any external hostnames in the 127.0.0.1 loopback line.
c. Add the following line:
<TE_system_IP_address><TE_system_FQDN> <TE_system_hostname>
For example:
10.0.0.1internal.mycompany.cominternal
For variable definitions, see Table 21.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 99 Chapter 4. Post-Installation Configuration
Table 21. Variables involved in NAT configuration
Variable Description
<TE_system_IP_ The IP address of the TE system inside the NAT (either a TE Server or
TE Agent).
address>
<TE_system_FQDN> The fully-qualified domain name of the TE system inside the NAT.
<TE_system_ The hostname of the TE system inside the NAT.

hostname>
<NAT_IP_address> The IP address of the NAT server.
3. On each Tripwire Enterprise system outside of the NAT:

a. Open the hosts file.
b. Delete any external hostnames in the 127.0.0.1 loopback line.
c. Enter the following line:
<NAT_IP_address><TE_system_FQDN><TE_system_hostname>
For example:
100.3.2.1internal.mycompany.cominternal
4. On a TE Agent system inside the NAT, configure the systems configuration file:
a. Open the agent.properties file. By default, this file is stored in:
<TE_root>/data/config/
b. Add the following property:

java.rmi.server.hostname=<TE_system_FQDN>
For example:
java.rmi.server.hostname=internal.mycompany.com
c. Save and close the agent.properties file.
5. Restart the TE service on the system inside the NAT. For instructions, see:
l Managing Tripwire Enterprise Services (on page 115)

l Managing the Tripwire Enterprise Agent Service (on page 116)
Configuring a Tripwire Enterprise Agent for Use on a Multi-NIC
System
A Tripwire Enterprise Server can communicate with Agents via a network interface card (NIC)
other than the primary/default interface.
To configure a Tripwire Enterprise Agent for use with multiple NICs:

1. On the system where the Agent is installed, login as the root user (UNIX/Linux/OS X) or
as Administrator (Windows).
2. Stop the TE Agent service (see Managing the Tripwire Enterprise Agent Service on page
116).
3. Open the agent.properties file and add the following lines:
tw.rpc.interfaceAddr=<NIC_IP_address>
java.rmi.server.hostname=<NIC_FQDN>
where
<NIC_IP_address> is the IP address that the Agent will listen on. If not specified, the
Agent will listen on any local IPaddress
and
<NIC_FQDN> is the fully-qualified domain name of the NIC used by the TE Server for
connections to the Agent.
4. Save and close the agent.properties file.

5. Restart the TE Agent service (see Managing the Tripwire Enterprise Agent Service on
page 116).
Configuring a Tripwire Enterprise Proxy for Agent
Communication
A Tripwire Enterprise (TE) proxy is an Agent system that enables your TE Server to
communicate with other Agent systems on the other side of a firewall. If you create and
configure a TE proxy, all communications between your TE Server and specified Agents will
pass through the proxy, thereby bypassing the firewall.
To configure a TE proxy, complete the following steps:
l Step 1. Configuring Your Tripwire Enterprise Server (below)

l Step 2. Installing and Configuring the Tripwire Enterprise Proxy (on the next page)
l Step 3. Configuring Agents for Communication with the Tripwire Enterprise Proxy (on
page 104)
l Step 4. Configuring the Firewall (on page 105)
Step 1. Configuring Your Tripwire Enterprise Server

If any of the TE Agents that will use the TE proxy are unable to resolve the hostname of your
TE Server, complete the steps below. Otherwise, proceed to Step 2. Installing and Configuring
the Tripwire Enterprise Proxy on the next page.
To configure your Tripwire Enterprise Server for a TE proxy:

1. On the TE Server, open the TE Console configuration file:
<TE_root>/data/config/server.properties
2. If the proxy has multiple NICs, and the Agents and TE Server are on different subnets, set
the following property to inform the TE Server of the IP addresses used by the Agents to
communicate with the proxy:
tw.proxy.nicMap = <server1_proxy>:<agent1_proxy>,<agent2_proxy>, ...
where:
<server1_proxy> is the IP address used by the TE Server to communicate with the proxy,
<agent1_proxy> is the IP address used by the first Agent to communicate with the proxy,
and
<agent2_proxy> is the IP address used by the second Agent to communicate with the
proxy.
To configure multiple proxies, insert a bar (|) between the addresses for each proxy. For
example:
tw.proxy.nicMap = <server1_proxy>:<agent1_proxy>,<agent2_proxy> | \
<server2_proxy>:<agent3_proxy>,<agent4_proxy>
\ is a line-continuation character.
3. Restart the TE Console service (see Managing Tripwire Enterprise Console Services on
page 115).
Step 2. Installing and Configuring the Tripwire Enterprise Proxy

In this step, you will install and configure Tripwire Enterprise Agent software on your proxy
system. The proxy system must be able to resolve the hostname of your TE Server.
To install and configure your TE proxy:

1. Install Tripwire Enterprise Agent software on the TE proxy system. For more information,
see Chapter 2: Installing Tripwire Enterprise Agent (on page 55).
2. Open the Agent configuration file on the TE proxy system:
<TE_root>/data/config/agent.properties
3. Add socksProxy to the space.bootstrapables property. For example:

space.bootstrapables=station,socksProxy
4. Enter (or confirm) the value of each property listed in Table 22 on the next page.
Table 22. Properties for the TE proxy system
Property Description
java.rmi.server.hostname The fully-qualified domain name of the NIC used by the TE Server for
connections to the Agent.
tw.proxy.serverPort The port on the TE proxy that will receive proxy requests from TE
Agents and the TE Server (default = 1080).
tw.rpc.interfaceAddr If your TE proxy is multi-NIC with multiple domain names, enter the
domain name or IP address of the proxy system with this property.
tw.server.host The IP address or FQDN of your TE Server.
tw.server.port The port on your TE Server that receives inbound communications

from Agents (default = 9898).
webserver.http.port If your TE Server is using a port other than 8080 to download JAR files
to Agent systems, enter the port that is in use by the TE Server.
Step 3. Configuring Agents for Communication with the Tripwire

Enterprise Proxy
You can configure an Agent system to work with your TE proxy either during or after
installation of the systems TE Agent software.
To configure an existing Agent system to communicate with the TE proxy:

1. Open the Agents configuration file:
<TE_root>/data/config/agent.properties
2. For the tw.proxy.host property, enter the IP address or FQDN of the TE proxy.
3. If you entered a non-default port for the tw.proxy.serverPort on the TE proxy (see Table
22 above), enter the same port number for the tw.proxy.port property.
4. Make sure that the tw.server.host property uses the correct IPaddress or FQDN.
To configure an Agent system at the time of installation, complete the appropriate installation
procedure in Chapter 2: Installing Tripwire Enterprise Agent (on page 55).
l To launch the installer for a silent installation on an AIX or Linux system, the installer-
launch command must also include the command-line components defined in Table 23 on
the next page.
l In the installers TE Server Hostname field, enter the FQDN or IP address you specified
in Step 1. Configuring Your Tripwire Enterprise Server (on page 102).
Table 23. Additional command-line components for silent installations of AIX,
Linux, and Windows Agents
Platform Command-Line Components for your TE Proxy

AIX and Linux To specify the FQDN or IP address of the TE proxy, enter:
--proxy-host <proxy_host>
(Optional) To specify the port for connections to the TE proxy, enter:
--proxy-port <proxy_port>
Windows To specify the FQDN or IP address of the TE proxy, enter:
TE_PROXY_HOSTNAME=<host>
(Optional) To specify the port for connections to the TE proxy, enter:
TE_PROXY_PORT=<port>
Step 4. Configuring the Firewall

To enable your TE Server to successfully communicate with a configured Agent via your TE
proxy, you must configure the firewall that separates the TE Server from the Agent.
To configure your firewall:

l Enable traffic from the TE proxy to the TE Server on port 8080 and the Agent-
communication port (tw.local.port).
l Enable traffic from the TE Server to the TE proxy on the port defined by the
tw.proxy.serverPort property (see Table 22 on the previous page) and the Agent-
communication port (tw.local.port).
Chapter 5.
Maintenance Procedures
Maintenance of Tripwire Enterprise
To configure Tripwire Enterprise, see the Tripwire Enterprise User Guide. Following
configuration, your Tripwire Enterprise Administrator should regularly complete the procedures
listed in Table 24 to maintain the integrity and operational efficiency of your Tripwire Enterprise
implementation. Table 24 briefly describes each of these tasks and identifies the frequency with
which each procedure should be completed.
Table 24. Maintenance procedures for Tripwire Enterprise
Complete
this
procedure
Procedure ... Description
Archiving log ... at least Created by default when Tripwire Enterprise is installed, the Archive
messages once per Log Messages Task exports specified log messages to an XML file. For
week instructions on running and scheduling this task, see How Does the
Archive Log Messages Task Work? in the Tripwire Enterprise User
Guide.
Backing up ... once per To create backup files for your Tripwire Enterprise configuration files
Tripwire day (after all and database, see Backing Up Tripwire Enterprise Data on the next
Enterprise of the days page.
data report tasks
have run)
Regenerating ... at least To optimize system efficiency and speed, update the indices for your
database once per Tripwire Enterprise Console database by running the regeneration
indices month* utility. For instructions, see Recalculating Database-Index Statistics on
page 123.
* Any time you delete a large number of elements, nodes, and/or rules, you should regenerate your
database indices.
Tripwire Enterprise 8.3 Installation & Maintenance Guide 107 Chapter 5. Maintenance Procedures
Backing Up and Restoring Tripwire Enterprise Data
Backing Up Tripwire Enterprise Data

To safeguard your Tripwire Enterprise implementation from data loss or corruption, you should
back up your data on a regular basis. With Tripwires tetool utility, you can create backup files
for your Tripwire Enterprise configuration files (known as configuration backup files). If you
have a MySQL Tripwire Enterprise Console database, tetool can also create backup files for
the data in your database (known as data backup files). (To back up data in a non-MySQL
database, refer to the documentation provided by the database vendor.)
To create backup files, enter the following command at a command prompt on your
Tripwire Enterprise Server:
tetool backup --passphrase <passphrase> <config_file> <data_file>
For command-line variable descriptions, see Table 25 on the next page.
To specify the maximum size of each backup file, you may also add the following option with
the --split command:
--split <file_size>
Tips The tetool utility is in the <te_root>\bin directory.
All backup files should be stored in a secure location.
To verify the integrity of newly created backup files, Tripwire recommends that you
use the files to restore your data on a test system (see Restoring Tripwire Enterprise
Data on page 110).
Table 25. Backup command line variables
Variable Description
<te_root> The installation directory for Tripwire Enterprise Console.
<passphrase> In a single-system installation, the passphrase is the Services Password entered when
you first installed Tripwire Enterprise Console.
In a distributed installation, the passphrase is the passphrase for your remote database.
<config_ The name of your configuration backup files.

file>
The tetool utility uses this value to name the first configuration backup file created.
If your Tripwire Enterprise configuration files exceed the size specified by the <file_
size> variable, tetool creates additional configuration backup files with an
incremental, 3-digit extension.
For example, if you enter config.bak as the file name, tetool would assign the
following names to the backup files:
l config.bak (backup file #1)

l config.bak.001 (backup file #2)
l config.bak.002 (backup file #3)
l etc.
Note: The <config_file> variable can include an absolute or relative path.
<data_file> The name of your data backup files. This variable is subject to the same guidelines as
the <config_file> variable (see above).
Note: You can only create data backup files if your Tripwire Enterprise Console
database is a MySQL database.
<file_size> (Optional) The maximum size of each backup file. For example, if your Tripwire
Enterprise data totals 7GB, and you enter 3GB as the file size, tetool will create three
data backup files; two 3GB files, and one 1GB file.
When entering the file size, use the --split command with the following
abbreviations:
l G or g = gigabytes
l M or m = megabytes
l K or k = kilobytes
For example, --split=640M or --split=640m.
Restoring Tripwire Enterprise Data
If you have created backup files for your Tripwire Enterprise data (see Backing Up Tripwire
Enterprise Data on page 108), the tetool utility can quickly restore your Tripwire Enterprise
Console configuration files and database in the event of:
l Human errors
l Malicious actions
l Natural disasters
l Data corruption
l System crashes
To restore your Tripwire Enterprise Console data, complete the following steps:
Step 1. Import Backup Files to the Tripwire Enterprise Server and Database (below)
Step 2. Restart Tripwire Enterprise Agents (on page 112)
Note If your Tripwire Enterprise Console database is not a MySQL database, the tetool
utility can only restore your Tripwire Enterprise Console configuration files. To
restore your Tripwire Enterprise data, refer to the documentation provided by the
database vendor.
Step 1. Import Backup Files to the Tripwire Enterprise Server and Database
To import your backup files:

1. At a command prompt on your Tripwire Enterprise Server, enter the appropriate command
to stop the Tripwire Enterprise Console services.
Solaris 10:svcadm disable teserver teagent
All other UNIX: /etc/init.d/twservices stop
Windows: <te_root>\bin\twservices stop
Note For command-line variable definitions and guidelines, see Table 26 on the
next page.
2. To import the backup files, enter:
tetool restore --passphrase <passphrase> <config_file> <data_file>
Caution To restore a Tripwire Enterprise Server with a hostname that differs from
the hostname of the server on which the backup files were created, you
must add the --safe option to the command. Otherwise, the restored
system may suffer unrecoverable errors on startup. (With the --safe
option, Tripwire Enterprise only restores essential files.)
Tip The tetool utility is in the <te_root>\bin directory.
3. To restart the Tripwire Enterprise Console services, enter the appropriate command.
Solaris 10:svcadm enable teserver teagent
All other UNIX: /etc/init.d/twservices start
Windows: <te_root>\bin\twservices start
Next Proceed to Step 2. Restart Tripwire Enterprise Agents (on the next page).
Table 26. Restore command line variables
Variable Definition
<te_root> The installation directory for Tripwire Enterprise Console.
<passphrase> In a single-system installation, the passphrase is the Services Password entered when
you first installed Tripwire Enterprise Console.
In a distributed installation, the passphrase is the passphrase for your remote database.
<config_ The name of the first configuration backup file.

file> Note: For information about the naming scheme employed for configuration and data
backup files, see Table 25 on page 109.
<data_file> The name of the first data backup file.
Step 2. Restart Tripwire Enterprise Agents
Once your backup files have been imported (Step 1. Import Backup Files to the Tripwire
Enterprise Server and Database on page 110), all Tripwire Enterprise Agents must be restarted
and refreshed. Data refresh synchronizes the local Agent databases with your Tripwire
Enterprise Console database.
Caution When you restart an Agent that has an Event Generator, the Agent discards any
pooled audit events and/or change versions.
Do not baseline or version check an Agent node while it is re-starting. When an

Agent has been successfully restarted, Tripwire Enterprise will create the
following System log message in the Log Manager:
Finished recreating data on <Agent_node>
To restart the Agents:

1. Log in to the Tripwire Enterprise interface with the administrator account.
2. Click NODES.
3. Click Modify > Restart Agents.

4. In the confirmation dialog, click OK.
5. Select the Refresh data on Agents check box.
6. Click OK.
Next To update Tripwire Enterprise with the current state of the restarted Agents, run a
version check on the Agent systems. For instructions, see Version Checking
Monitored Systems in the Tripwire Enterprise User Guide.
Changing the Tripwire Enterprise Services and Database
Passphrases
Changing the TEServices Passphrase

The services passphrase secures communication between the Tripwire Enterprise Console and
Tripwire Enterprise Agent software. The services passphrase is first specified when TEConsole
is installed. In order to change the services passphrase, you must execute commands on both the
system where the TE Console is installed, and on each system where TEAgent is installed.
The services passphrase must be between 6 and 64 characters. Most ASCII printable characters
are allowed, with a few exceptions:
l Alphanumeric characters (a-z, A-Z, 0-9), the space character (ASCII decimal 32), and
most punctuation characters (_-`~!@#$%^&*(),.+=[]{}|/?:;) are allowed.
l The single-quote ('), double-quote ("), less-than (<), greater-than (>), and backslash (\)
characters are not allowed.
To change the services passphrase:

1. Execute one of the following commands on the TE Console system:
l Windows: <TW_HOME>\tetool.cmd setchannelpass "<services_passphrase>"
"<new_services_passphrase>"
l UNIX:<TW_HOME>/tetool setchannelpass '<services_passphrase>'

'<new_services_passphrase>'
2. Restart the TEConsole services, as described in Managing Tripwire Enterprise Console

Services on page 115.
3. Execute one of the following commands on each system where TEAgent software is
installed:
l Windows: <TW_HOME>\tetool.cmd setchannelpass "<services_passphrase>"
"<new_services_passphrase>"
l UNIX:<TW_HOME>/tetool setchannelpass '<services_passphrase>'

'<new_services_passphrase>'
4. Restart the TEAgent services oneach Agent system, as described in Managing the
Tripwire Enterprise Agent Service on page 116.
Changing the TEDatabase Passphrase
The database passphrase secures communication between the Tripwire Enterprise Console and
a remote database. The database passphrase is first specified when the remote database is
initially created. In order to change the database passphrase, you must execute commands on
both the system where the TE Console is installed, and on the system where the database is
installed.
The database passphrase must be between 6 and 64 characters. Most ASCII printable characters
are allowed, with a few exceptions:
l Alphanumeric characters (a-z, A-Z, 0-9), the space character (ASCII decimal 32), and
most punctuation (_-`~!@#$%^&*(),.+=[]{}|/?:;) are allowed.
l The single-quote ('), double-quote ("), less-than (<), greater-than (>), and backslash (\)
characters are not allowed.
To change the database passphrase:

1. Stop the TEConsole services, as described in Managing Tripwire Enterprise Console
Services on the next page.
2. Change the passphrase on the remote database. See your database documentation for
specific instructions on changing this passphrase.
3. Execute one of the following commands on the TE Console system:

l Windows: <TW_HOME>\tetool.cmd setdatabasepass "<services_passphrase>"
"<new_database_passphrase>"
l UNIX:<TW_HOME>/tetool setdatabasepass '<services_passphrase>'

'<new_database_passphrase>'
Make sure that new_database_passphrase exactly matches the passphrase you specified
for the remote database.
4. Restart the TEConsole services, as described in Managing Tripwire Enterprise Console

Services on the next page.
Managing Tripwire Enterprise Services
Managing Tripwire Enterprise Console Services

Tripwire Enterprise Console services are processes that monitor the systems on your
network, generate Tripwire Enterprise (TE) data, and transfer data between your Tripwire
Enterprise Server and TE interface sessions. Once Tripwire Enterprise Console software is
installed, these services run continually by default. To start, stop, or check TE Console services,
enter the appropriate command at a command prompt on your TE Server (see Table 27).
Caution Tripwire Enterprise Console services provide continuous monitoring of your

network. Therefore, services should not be stopped unless you need to backup
TE data, restore data from backup, upgrade the software, or run a tetool
command.
Notes You can also start, stop, or check Tripwire Enterprise Console services from the
Windows Start menu on your TE Server.
<te_root> is the installation directory for Tripwire Enterprise Console software.
Table 27. Commands for Tripwire Enterprise Console services
Function Commands
Start On a Windows system: "<te_root>\bin\twservices" start
On a Solaris 10 system: svcadm enable teserver teagent
On all other UNIX systems: /etc/init.d/twservices start
Stop On a Windows system: "<te_root>\bin\twservices" stop
On a Solaris 10 system: svcadm disable teserver teagent
On all other UNIX systems: /etc/init.d/twservices stop
Check On a Windows system: "<te_root>\bin\twservices" check
On a Solaris 10 system: svcs -a |grep tripwire
On all other UNIX systems: /etc/init.d/twservices check
Note: These commands verify that Tripwire Enterprise Console services are running.
Restart On a Windows system: "<te_root>\bin\twservices" restart
On a Solaris 10 system: svcadm restart teserver teagent
On all other UNIX systems: /etc/init.d/twservices restart
Managing the Tripwire Enterprise Agent Service
The Tripwire Enterprise Agent service is a process that runs on a monitored file server. The
Agent service collects change data for the file server, and reports this data to the Tripwire
Enterprise Server.
When an Agent is installed on a file server, the Agent service runs continually by default. To
start, stop, or check the Tripwire Enterprise Agent service, enter the appropriate command(s) at
a command prompt on the Agent host system (see Table 28 below).
Notes On Windows systems, you can also start, stop, or check Agent services from the
Windows Start menu on the Agent host system.
On OS Xsystems, you can also start or stop Agent services from the Applications
> Utilities >Services section of the UI on the Agent host system.
<te_root> is the installation directory for Tripwire Enterprise Agent software.
Table 28. Commands for Tripwire Enterprise Agent services
Function Commands
Start On an AIXsystem, run these commands to start the Agent and its services:
startsrc -s teges
startsrc -s teeg
startsrc -s teagent
On an OS X system: launchctl start com.tripwire.te.agent
On a Solaris 10 system: $ svcadm enable teagent
On other UNIX or Linux systems: <te_root>/bin/twdaemon start
On a Windows system: "<te_root>\bin\twdaemon" start
Stop On an AIXsystem, run these commands to stop the Agent and its services:
stopsrc -s teagent
stopsrc -s teeg
stopsrc -s teges
On an OS X system: launchctl stop com.tripwire.te.agent
On a Solaris 10 system: $ svcadm disable teagent
On other UNIX or Linux systems: <te_root>/bin/twdaemon stop
On a Windows system: "<te_root>\bin\twdaemon" stop
Function Commands
Check On an AIX 5.3 or higher system: $ lssrc a
On a Solaris 10 system: $ svcs -a | grep tripwire
On other UNIX or Linux systems: <te_root>/bin/twdaemon status
On a Windows system: "<te_root>\bin\twdaemon" status
Note: These commands verify that Tripwire Enterprise Agent services are running. For
Solaris 10, the command generates a list of active subsystems or services. If 'teagent'
appears in the list with the state 'online' for Solaris 10, the Agent is running.
Restart On a Solaris 10 system: $ svcadm restart teagent
On other UNIX or Linux systems: <te_root>/bin/twdaemon restart
On a Windows system: "<te_root>\bin\twdaemon" restart
Managing the Event Generator Service
When Tripwire Enterprise Console or Tripwire Enterprise Agent software is installed on a
supported Windows or Linux system, you have the option of installing an Event Generator at the
same time. If you forego this option, you can always install an Event Generator at a later time.
If you install an Event Generator, Tripwire Enterprise can monitor the host system in real time,
as well as collect audit events from the systems security log. For a complete list of operating
systems on which the Event Generator can be installed, see the Tripwire Web site:
To install, uninstall, start, stop, or check the status of an Event Generator, enter the appropriate
command at a command prompt on the host system (see Table 29 on the next page).
Notes To resume the collection of audit events following a restart of an Event Generator
on an Agent system, you must restart and refresh the Agent. For instructions, see
Step 2. Restart Tripwire Enterprise Agents on page 112.
On OS Xsystems, you can also start and stop the Event Generator service from
the Applications > Utilities >Services section of the UI on the Agent host
system.
<te_root> is the installation directory for Tripwire Enterprise Console or Tripwire

Enterprise Agent software.
Table 29. Commands for Event Generators
Function Commands
Install On a Linux TE Server or Agent: <te_root>/bin/twrtmd installrtm
On a Windows TE Server or Agent: "<te_root>\bin\twdaemon" installrtm
Restart On a Linux TE Server or Agent: /etc/init.d/twrtmd restart
On a Solaris 10 TE Server or Agent:$ svcadm restart teeg
Start On an AIXsystem, run these commands to start the Event Generator:
startsrc -s teges
startsrc -s teeg
On a Linux TE Server or Agent: /etc/init.d/twrtmd start
On an OS XAgent: launchctl start com.tripwire.te.tesvc
On a Solaris 10 TE Server or Agent: $ svcadm enable teeg
On a Windows TE Server or Agent: "<te_root>\bin\twdaemon" startrtm
Status On a Linux TE Server or Agent: /etc/init.d/twrtmd status
On a Solaris 10 TE Server or Agent:$ svcs -a | grep tripwire
On a Windows TE Server or Agent: "<te_root>\bin\twdaemon" status
Note: These commands verify that the Event Generator is running. For Solaris 10, if ' teeg'
appears in the list with the state 'online,' the Event Generator is running.
Stop On an AIXsystem, run these commands to stop the Event Generator:
stopsrc -s teges
stopsrc -s teeg
On a Linux TE Server or Agent: /etc/init.d/twrtmd stop
On an OS XAgent: launchctl stop com.tripwire.te.tesvc
On a Solaris 10 TE Server or Agent:$ svcadm disable teeg
On a Windows TE Server or Agent: "<te_root>\bin\twdaemon" stoprtm
Uninstall On a Linux TE Server or Agent: /etc/init.d/twrtmd uninstallrtm
On a Windows TE Server or Agent: "<te_root>\bin\twdaemon" uninstallrtm
Note: The Linux command removes the Event Generator daemon and activates bypass
mode for the kernel module. To permanently remove the kernel module, re-boot the system.
Managing TE Services with the Solaris Service Management Facility
A feature of some Solaris operating systems, the Service Management Facility (SMF) simplifies
the management of hosted services. If a Tripwire Enterprise Agent is installed on a Solaris
system with the SMF, you can control the following TE services from the system's command
line (see Table 30 below):
Global Event Source (teges)

Event Generator (teeg)
Tripwire Enterprise Agent (teagent)
Table 30. Commands to manage TE services with the Solaris Service Management Facility
Function Commands
Start To start one or more TE services, enter:
$ svcadm enable <services>

Where <services> is the name of each service to be started. For example, to start the Global
Event Source, Event Generator, and Tripwire Enterprise Agent services, enter:
$ svcadm enable teges teeg teagent

Note: The Global Event Source (teges) only exists in global zones on a Solaris system.
Stop To stop a single TE service, enter:
$ svcadm disable <service>

Where <service> is the name of the service to be stopped.
Restart To restart a single TE service, enter:
$ svcadm restart <service>

Where <service> is the name of the service to be restarted.
List To generate a list of the TE services in SMF, enter:
$ svcs -a | grep tripwire
Managing the Tripwire Enterprise Console Database
About Database Maintenance

You can mitigate the growth of your Tripwire Enterprise Console database by periodically
running the following Tripwire Enterprise tasks:
l The Archive Log Messages Task archives all Tripwire Enterprise log messages that
exceed a specified age or number. For more information, see How Does the Archive Log
Messages Task Work? in the Tripwire Enterprise User Guide.
l The Compact Element Versions Task removes all content and attributes from element
versions that exceed a specified age or number. For more information, see How Does the
Compact Element Versions Task Work? in the Tripwire Enterprise User Guide.
Each of these tasks reduces the quantity of data stored in your Tripwire Enterprise Console
database (unless the database is a MySQL database).
A database index is a data structure that improves the speed of operations in a database table.
Like the index of a book, a database index contains entries that reference specific information in
the database. A query optimizer is a database component that uses database-index statistics to
determine the most efficient way to execute a query.
To optimize system efficiency and speed, you should recalculate the database-index
statistics for your Tripwire Enterprise Console database on a weekly basis. To recalculate
statistics, Tripwire Enterprise refreshes the database indices with the latest information in the
Tripwire Enterprise Console database. For instructions, see Recalculating Database-Index
Statistics on page 123.
Starting and Stopping a MySQL TE Console Database
To start or stop a MySQL Tripwire Enterprise Console database, enter the appropriate command
at a command prompt on the database host system (see Table 31 below). The host system is
either your TE Server or a remote database server.
Caution Before stopping the database, you must first stop the TE Console services. For
instructions, see Managing Tripwire Enterprise Console Services on page 115.
Table 31. Commands for a MySQL TE Console database
Function Commands
Start On a Windows system: "\bin\twdatabase" start
On a Solaris 10 system: svcadm enable mysqltripwire
On all other UNIX systems: /etc/init.d/twservices start
Stop On a Windows system: "\bin\twdatabase" stop
On a Solaris 10 system: svcadm disable mysqltripwire
On all other UNIX systems: /etc/init.d/twdatabase stop
Notes:
1. You can also start and stop the database from the Windows Start menu on the database host
system.
2. <te_root> is the installation directory for TE Console software on the database host system.
Recalculating Database-Index Statistics
For an introduction to database indices, see About Database Maintenance on page 121.
Caution Recalculating database-index statistics may take several hours, depending on the
size of the database. No user activity will be possible during this time, and you
should ensure that no tasks are scheduled to run at this time.
To recalculate index statistics for your Tripwire Enterprise Console database:

1. Click SETTINGS.
2. Under the System folder, click Database.

3. Select Recalculate database index statistics.
4. Click Apply.
5. In the confirmation dialog, click OK.
Configuring FIPS Mode
The Federal Information Processing Standardization (FIPS) 140-2 standard specifies
USgovernment requirements for cryptography modules. This topic explains how to enable FIPS
mode on your Tripwire Enterprise Server and Agents.
l If FIPS mode is enabled on both your TE Server and a TE Agent, all communications
between the two systems will be encrypted in compliance with the specifications of FIPS
140-2.
l If FIPS mode is enabled on your TEServer, but disabled on an Agent, the two systems
will be unable to communicate.
l If FIPS mode is disabled on your TE Server, all communication with Agents will be
conducted without FIPS compliance.
To enable FIPS mode, complete the following steps:
Step 1. Enabling FIPS Mode on your Tripwire Enterprise Agents (below)

Step 2. Enabling FIPS Mode on your Tripwire Enterprise Server (on the next page)
Step 3. Restart Tripwire Enterprise Agent Services (on the next page)
Caution Once FIPSmode is enabled, it cannot be disabled. You should ensure that the
use of FIPSmode is the best approach for your environment before enabling it.
Step 1. Enabling FIPS Mode on your Tripwire Enterprise Agents
In this step, you will enable FIPS mode on your TEAgents. If you do not enable FIPS mode on
an Agent, your TEServer will no longer monitor the Agent when you enable FIPS mode on the
server (Step 2. Enabling FIPS Mode on your Tripwire Enterprise Server on the next page).
To enable FIPS mode on your TE Agents, run the following commands at a command
prompt on each Agent system:
1. Stop the Tripwire Enterprise Agent services by running the appropriate command for the
Agent's platform (see Table 28 on page 116).
2. To enable FIPS mode, enter:
"<te_root>\bin\tetool" fips --enable
Where <te_root> is the installation directory for TE Agent software.

3. Start the TE Agent services (see Table 28 on page 116).
Step 2. Enabling FIPS Mode on your Tripwire Enterprise Server
To enable FIPS mode on your TE Server, run the following commands at a command
prompt on the TE Server:
1. Stop the Tripwire Enterprise Console services by running the appropriate command for the
server's platform (see Table 27 on page 115).
2. To enable FIPS mode, enter:
"<te_root>\bin\tetool" fips --enable
Where <te_root> is the installation directory for TE Console software.

3. Start the TE Console services (see Table 27 on page 115).
Tip To run a report that identifies the TE Agents on which FIPS mode has been enabled,
run the following command:
<tetool> fips -agent-report
In the report output:
0 indicates an Agent that has yet to register itself with your TEServer.
1 indicates an Agent without FIPS mode enabled.
2 indicates an Agent with FIPS mode enabled.
3 indicates that FIPS mode has also been enabled on your TE Server, and the
Agent and TE Server have successfully connected in FIPS mode.
Step 3. Restart Tripwire Enterprise Agent Services
To complete the configuration of FIPS mode, you must run the restart command on each FIPS-
enabled Agent system. For appropriate formats, (see Table 28 on page 116).
Index
64-bit
Upgrading Tripwire Enterprise Console to 50
admin file
creating for Solaris Agent installation 81
Agent update packs
installing for upgrade of Tripwire Enterprise Agent 90
AIX
additional requirements for TE Agent 59
installing Tripwire Enterprise Agent on 60
interactive installation of Agent 60
restoring audit configuration files 64
silent installation of Agent 62
Apple OS X
backing up
Tripwire Enterprise data 108
browsers
see Web browsers 23
command lines
components for package file in silent Agent installation on Solaris 82
components for response file in silent Agent installation on Solaris 81
components for silent Agent installation on AIX 63
components for silent Agent installation on Linux 76
Tripwire Enterprise 8.3 Installation & Maintenance Guide 126 Index

components for silent Agent installation on Windows 85
variables for backup of Tripwire Enterprise data 109
variables for restoration of Tripwire Enterprise data 111
configuring
a firewall for a TE proxy 105
a remote Microsoft SQL Server database 29
a remote Oracle database 28
a TE proxy for Agent communication 102
a TE Server for use with a TE proxy 102
a Tripwire Enterprise Server for use with Multiple NICs 101
FIPS mode 124
TE Agents for communication with a TE proxy 104
Tripwire Enterprise Agent for use with Multiple NICs 101
Tripwire Enterprise inside a Network Address Translation (NAT) environment 99
database-index statistics
recalculating 123
database indices
about 121
recalculating statistics for 123
database passphrase
changing 114
setting 26
disabling
tasks in upgrade of a single-system installation 42
distributed installations
defined 13
upgrading to current version of Tripwire Enterprise Console 46
End-User License Agreement

see EULA 13
EULA
for Tripwire Enterprise Agent 56
for Tripwire Enterprise Console 13

Event Generators
managing services 118
Fast Track
using to configure Tripwire Enterprise 95
FIPS mode
defined 124
firewalls
configuring for use with a TE proxy 105
Global Event Source

configuring for non-global zones on Solaris 79
HP-UX
installation
preparation for Tripwire Enterprise Agent 57
preparation for Tripwire Enterprise Console 14
requirements for Tripwire Enterprise Agent 56
requirements for Tripwire Enterprise Console 13
upgrade overview 40
installing
a remote database 26
a remote MySQL database 27
a TE proxy 103
Agent update packs for upgrade of Tripwire Enterprise Agent 90
distributed installation of Tripwire Enterprise Console 26

preparing for new installation of Tripwire Enterprise Console 14
single-system installation of Tripwire Enterprise Console 24
Tripwire Enterprise Agent on AIX 60
Tripwire Enterprise Agent on Apple OS X 65
Tripwire Enterprise Agent on HP-UX 69
Tripwire Enterprise Agent on Linux 73
Tripwire Enterprise Agent on Solaris 77
Tripwire Enterprise Agent on Windows 83
Tripwire Enterprise Console software in a distributed installation 37
interactive installation
defined 56
Linux
additional requirements for TE Agent on RHEL 4 59
logging in
overview 94
to a new Tripwire Enterprise installation 95
to an upgraded Tripwire Enterprise installation 96
maintenance
of Tripwire Enterprise 107
of Tripwire Enterprise Console database 121
managing
Tripwire Enterprise Agent services 116
Tripwire Enterprise Console databases 121
Tripwire Enterprise Console services 115
Tripwire Enterprise Event Generators 118
Tripwire Enterprise services with the Solaris Service Management Facility 120
NAT
using with Tripwire Enterprise 99

Network Address Translation
see NAT 99
network requirements
for a Tripwire Enterprise Server 20
NIC
configuring a Tripwire Enterprise Server for use with multiple NICs 101
configuring Tripwire Enterprise Agents for use with multiple NICs 101
Oracle RAC
using with Tripwire Enterprise 38
passphrases
changing the database passphrase 114
changing the services passphrase 113
setting the database passphrase 26
platforms
supported by Tripwire Enterprise Agent 59
supported by Tripwire Enterprise Console 21
ports
default ports for a remote database server 23
in a Tripwire Enterprise implementation 19
optional outbound ports for a Tripwire Enterprise Server 21
required for a Tripwire Enterprise Server 20
requirements for Tripwire Enterprise Agent 59
properties
for a TE proxy system 104
remote database servers

defined 13
requirements for 23
remote databases
changing the passphrase for 114

configuring a remote Microsoft SQL Server database 29
configuring a remote Oracle database 28
defined 13
installing 26
installing a remote MySQL database 27
uninstalling 54
requirements
additional for a Solaris or Linux Tripwire Enterprise Server 22
for a remote database server 23
restarting
Agents during upgrade of single-system installation 44
Agents following upgrade of a distributed installation 48
restoring
Tripwire Enterprise data 110
services
installed with Tripwire Enterprise Agent 58
installed with Tripwire Enterprise Console 16
services passphrase
changing 113
silent installation
defined 56
single-system installations
defined 13
upgrading to current version of Tripwire Enterprise Console 42
Solaris
configuring the Global Event Source for non-global zones 79
Solaris Service Management Facility
managing TE services with 120

starting
a MySQL Tripwire Enterprise Console database 122
stopping
a MySQL Tripwire Enterprise Console database 122
services for upgrade of distributed installation 47
system requirements
tag files
about 87
tags
assigning to new Agents with tag files 87
tasks
disabling for upgrade of distributed installation 46
disabling for upgrade of single-system installation 42
enabling after upgrade of a distributed installation 49
enabling after upgrade of single-system installation 44
TE proxies
configuring for Agent communication 102
installing 103
properties 104
Tripwire Enterprise
about implementations 13
backing up Tripwire Enterprise data 108
logging in to a new installation 95
logging in to an upgraded installation 96
login overview 94
maintenance of 107
port configuration 19
restoring Tripwire Enterprise data 110
using with NAT 99
Tripwire Enterprise Agent
assigning tags with tag files 87
configuring a TE proxy for 102
configuring for communication with a TE proxy 104

configuring for use with multiple NICs 101
defined 56
EULA 56
installation requirements 56
installing on AIX 60
installing on Apple OS X 65
installing on HP-UX 69
installing on Linux 73
installing on Solaris 77
installing on Windows 83
interactive installation for AIX 60
interactive installation for Apple OS X 65
interactive installation for HP-UX 69
interactive installation for Linux 73
interactive installation for Solaris 77
interactive installation for Windows 83
network requirements 59
port requirements 59
preparing for installation 57
requirements for 59
restarting after upgrade of a distributed installation 48
restarting during upgrade of single-system installation 44
services installed 58
silent installation for AIX 62
silent installation for Apple OS X 67
silent installation for HP-UX 71
silent installation for Linux 75
silent installation for Solaris 80
silent installation for Windows 84
supported platforms 59
uninstalling 92
upgrading software 91
Tripwire Enterprise Console
configuring for use with multiple NICs 101
distributed installation 26
EULA 13
installation requirements 13
installer directories and commands 27, 39

installing in a distributed installation 37
preparing for a new installation 14
preparing for an upgrade 15
requirements for 20
requirements for a remote database server 23
services installed 16
single-system installation 24
stopping services for upgrade of distributed installation 47
supported platforms and system requirements 21
supported Web browsers 23
uninstalling 52
upgrade overview 40
upgrade paths for older versions 40
upgrading a remote database in a distributed installation 47
upgrading distributed installations 46
upgrading single-system installations 42
upgrading software and database for a single-system installation 43
upgrading software in a distributed installation 48
upgrading to 64-bit 50
Tripwire Enterprise Console database
about maintenance 121
backing up data 108
defined 13
managing 121
recalculating database-index statistics 123
restoring data 110
starting a MySQL database 122
stopping a MySQL database 122
Tripwire Enterprise proxies
see TE proxies 102
Tripwire Enterprise Servers
additional requirements for Solaris and Linux 22
configuring for use with a TE proxy 102
defined 13
network requirements for 20
requirements for 20
system requirements for 21

U
uninstalling
a remote database 54
Tripwire Enterprise Agent 92
Tripwire Enterprise Console software 52
upgrading
a remote database in a distributed installation 47
distributed installations of Tripwire Enterprise Console 46
overview for Tripwire Enterprise Console 40
preparing for Tripwire Enterprise Console 15
restarting Tripwire Enterprise Agents for distributed installation 48
restarting Tripwire Enterprise Agents for single-system installation 44
single-system installations of Tripwire Enterprise Console 42
Tripwire Enterprise Agent software 91
Tripwire Enterprise Console software and database for single-system installation 43
Tripwire Enterprise Console software in a distributed installation 48
Tripwire Enterprise Console to 64-bit 50
upgrade paths for Tripwire Enterprise Console 40
Web browsers
supported by Tripwire Enterprise 23
Windows

Manual de TripWire Super

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Manual de TripWire Super

Încărcat de

Drepturi de autor:

Formate disponibile

TRIPWIRE

TRIPWIRE ENTERPRISE 8.3

About This Guide 9

Chapter 1. Installing Tripwire Enterprise Console 12

Tripwire Enterprise 8.3 Installation & Maintenance Guide 5 Contents

Chapter 2. Installing Tripwire Enterprise Agent 55

Chapter 4. Post-Installation Configuration 98

Tripwire Enterprise 8.3 Installation & Maintenance Guide 6 Contents

Chapter 5. Maintenance Procedures 106

Tripwire Enterprise 8.3 Installation & Maintenance Guide 7 Contents

Angle Indicates placeholders for user-entered values.

101 SW Main St., Ste. 1500

Tripwire Technical Support

Online support: https://www.tripwire.com/customers

Tripwire Professional Services

Tripwire Professional Services provides a wide range of services, including Tripwire

Tripwire Educational Services

About Your Tripwire Enterprise Implementation

You can install TE Console with either of the following methods:

In a distributed installation, the TE Console database is also referred to as a remote database.

Tip For a list of supported databases, see:

Tripwire recommends a distributed installation if you intend to monitor file servers

To upgrade from a single-system installation to a distributed installation of TE

The End-User License Agreement

l Single-System Installation of Tripwire Enterprise Console (on page 24)

Prior to upgrading to this version of TE Console, complete the following steps:

Caution Tripwire recommends upgrading TE Console during a scheduled maintenance

l Requirements for a Tripwire Enterprise Server (on page 20)

Table 1. Services installed with Tripwire Enterprise Console on Linux systems

9898 Y Incoming RMI from TE

9899 N Incoming RMI from TE

3306 N Server database

69 Y Network device TFTP

61616 N ActiveMQ message broker

twrtmd 1169 N Agent event queue

TE Console only twservices 443 Y End user web UI

9898 Y Incoming RMI from TE

9899 N Incoming RMI from TE

69 Y Network device TFTP

61616 N ActiveMQ message broker

twrtmd 1169 N Agent event queue

MySQL database only twdatabase 3306 Y Server database

9898 Y Incoming RMI from TE

9899 N Incoming RMI from TE

3306 N Server database

69 Y Network device TFTP

61616 N ActiveMQ message broker

teeg 1169 N Agent event queue

TE Console only twservices 443 Y End user web UI

9898 Y Incoming RMI from TE

9899 N Incoming RMI from TE

69 Y Network device TFTP

61616 N ActiveMQ message broker

twrtmd 1169 N Agent event queue

MySQL database only twdatabase 3306 Y Server database

9898 Y Incoming RMI from TE

69 Y Network device TFTP

61616 N ActiveMQ message

Tripwire Enterprise 9899 N Incoming RMI from TE

Tripwire Detection 1169 N Agent event queue

MySQLTripwire 3306 N Server database

TE Console only Tripwire Enterprise 443 Y End user web UI

9898 Y Incoming RMI from TE

69 Y Network device TFTP