Difference between revisions of "Tripwire"

From Alessandro's Wiki
Line 5: Line 5:
== configuration / installation ==
== configuration / installation ==


* installaing from repositories:
=== installaing from repositories ===
* debian based
  apt-get install tripwire
  apt-get install tripwire
* red-hat
* red-hat based
  yum install tripwire
  yum install tripwire
* gentoo
* gentoo
  emerge app-admin/tripwire
  emerge app-admin/tripwire
=== first run ===


* first install:
* first install:

Revision as of 07:58, 22 September 2011

http://www.tripwire.com/

  • tripwire is a security tool to check for modified system files.

configuration / installation

installaing from repositories

  • debian based
apt-get install tripwire
  • red-hat based
yum install tripwire
  • gentoo
emerge app-admin/tripwire

first run

  • first install:
/etc/tripwire/twinstall.sh
  • Generate database with passwords:
tripwire -m i
  • edit config file:
vi /etc/tripwire/twcfg.txt
  • change this to false at first run. Put it back to true after directory rescan.

LOOSEDIRECTORYCHECKING =true

  • edit policy file:
vi /etc/tripwire/twpol.txt
  • adapt policy to the system:
tripwire --update-policy -Z low /etc/tripwire/twpol.txt
Retrieved from "https://wiki.alessandro.delgallo.net//index.php?title=Tripwire&oldid=5682"