Linux setup steps/installing and configuring tripwire

From Nick Jenkins


Installing and configuring tripwire:

aptitude install tripwire

Setup questions:

Do you wish to create/use your local key passphrase / site key passphrase during installation? --> Yes to both
Rebuild files? --> Yes to both
You will probably also need to specify a local and a site passphrase. Record both of these; you will need them later.

Initialize tripwire baseline with:

/usr/sbin/tripwire --init

This will generate a lot of errors. Now comment out the files / entries that are not on this system, or that generated errors:

nano /etc/tripwire/twpol.txt

Then run this command to apply the policy:

twadmin -m P /etc/tripwire/twpol.txt

Then reinitialize tripwire with this policy:

/usr/sbin/tripwire --init

Repeat the above 3 steps until there are no errors. You can also add stop points to the twpol.txt file to exclude files, like so:

!/lib/init/rw;   # exclude this file - it is on a different file system.

Then do a test system check (this should be completely or mostly empty):

/usr/sbin/tripwire --check

Then to update the tripwire database, such as when packages are upgraded or installed, do this:

/usr/sbin/tripwire -m c -I
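
The step above that comments out twpol.txt entries for files not on this system can be scripted. This is an added example, not part of the original page: the function name comment_missing, its optional root argument and the sample policy fragment are constructed for illustration, and it only handles literal, unquoted paths.

```sh
#!/bin/sh
# Added example (not from the original page).
# comment_missing POLICY [ROOT]: print POLICY with each rule whose literal,
# unquoted path does not exist under ROOT commented out. ROOT is an
# assumption added so the function can be tried on a scratch tree.
comment_missing() {
    policy=$1
    root=${2:-}
    while IFS= read -r line || [ -n "$line" ]; do
        # A rule line looks like "<path> -> <property mask> ;".
        path=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*\(\/[^[:space:]]*\)[[:space:]]*->.*$/\1/p')
        if [ -n "$path" ] && [ ! -e "$root$path" ] && [ ! -L "$root$path" ]; then
            printf '#%s\n' "$line"      # object missing: disable the rule
        else
            printf '%s\n' "$line"       # everything else passes through
        fi
    done < "$policy"
}

# Constructed sample: a scratch tree holding only /etc/passwd, and a
# short policy fragment in twpol.txt syntax (two rules, one stop point,
# one rule that is already commented out).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/etc"
    : > "$tmp/root/etc/passwd"
    cat > "$tmp/twpol.txt" <<'EOF'
{
    /etc/passwd     -> $(SEC_CONFIG) ;
    /etc/rc.boot    -> $(SEC_BIN) ;
    !/lib/init/rw ;
    #/proc          -> $(Device) ;
}
EOF
    comment_missing "$tmp/twpol.txt" "$tmp/root"
    rm -rf "$tmp"
}

demo
```

On a real system, drop the demo call, run comment_missing /etc/tripwire/twpol.txt > twpol.new, and review the result before copying it over twpol.txt, since every rule it comments out is a path tripwire will no longer check.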