From Alessandro's Wiki

  • tripwire is a security tool to check for modified system files.

configuration / installation

installing from repositories

  • debian based
apt-get install tripwire
  • red-hat based
yum install tripwire
  • gentoo
emerge app-admin/tripwire

first run

  • first install:
  • if twcfg.txt is modified, then regenerate the signature:
twadmin -m P /etc/tripwire/twpol.txt
  • Generate database with passwords:
tripwire -m i
  • edit config file:
vi /etc/tripwire/twcfg.txt
  • change this to false at first run. Put it back to true after directory rescan.


  • edit policy file:
vi /etc/tripwire/twpol.txt
  • adapt policy to the system:
tripwire --update-policy -Z low /etc/tripwire/twpol.txt

gentoo specific

  • here is a BASH script to generate the configuration from installed packages:

  • run it like this:
cd /etc/tripwire
wget -O ''
chmod +x
./ > twpol.txt

... from this post:

... from this wiki

  • initial database cleaning of non-existent files:
cd /etc/tripwire
tripwire --init 2> stufftoprune
  • reduce the list to file names only:
grep Filename stufftoprune | awk '{print $3}' > filestoprune
  • remove the filename lines from the policy file (they are commented out with a leading #):
cat filestoprune | xargs -I{} perl -pi.bak -e 's!\A(\s+){}\b!$1#{}!g' /etc/tripwire/twpol.txt
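
The three pruning steps above as a single pass, added here as an example (it is not from this wiki or the post it cites): paths are matched as plain strings rather than regular expressions, and one backup of the original policy is kept instead of a .bak that is rewritten for every path. The names prune_policy and demo, the .orig suffix and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki. Function and file names are assumptions.

# prune_policy INIT_STDERR POLICY
# Comments out POLICY rules for paths reported missing in INIT_STDERR,
# keeps the first original as POLICY.orig, prints how many rules changed.
prune_policy() {
    log=$1 policy=$2
    tmp=$(mktemp "$policy.XXXXXX") || return 1
    # Paths are compared as plain strings, so "." or "+" in a file name
    # is never interpreted as a regular-expression operator.
    awk -v countfile="$tmp.count" '
        FILENAME == ARGV[1] { if ($2 == "Filename:") missing[$3] = 1; next }
        {
            name = $1
            sub(/->.*$/, "", name)      # rule written as "/path->$(X);"
            if (name in missing) {
                match($0, /^[ \t]*/)    # keep the original indentation
                $0 = substr($0, 1, RLENGTH) "#" substr($0, RLENGTH + 1)
                n++
            }
            print
        }
        END { printf "%d\n", n > countfile }
    ' "$log" "$policy" > "$tmp" || { rm -f "$tmp" "$tmp.count"; return 1; }
    [ -e "$policy.orig" ] || cp -p "$policy" "$policy.orig"
    cat "$tmp" > "$policy"              # overwrite in place, keeps mode/owner
    cat "$tmp.count"
    rm -f "$tmp" "$tmp.count"
}

# Constructed sample input, modelled on the "### Filename: <path>" lines
# that the grep/awk step above extracts; it is not real tripwire output.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '### Warning: File system error.' \
        '### Filename: /usr/lib/libfoo.so.1' \
        '### No such file or directory' > "$d/stufftoprune"
    printf '%s\n' '    /usr/lib/libfoo.so.1 -> $(ReadOnly);' \
        '    /usr/lib/libfooXso.1 -> $(ReadOnly);' \
        '    /bin/ls -> $(ReadOnly);' > "$d/twpol.txt"
    prune_policy "$d/stufftoprune" "$d/twpol.txt" >/dev/null
    cat "$d/twpol.txt"
    rm -rf "$d"
}
demo
```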