Tripwire quick guide

This short howto describes how to set up Tripwire.

  1. Install
    • RedHat Linux
       # rpm -Uvh tripwire<>.rpm 
    • Debian GNU/Linux
       # apt-get install tripwire 
    • FreeBSD
      root@freebsd # cd /usr/ports/security/tripwire
      root@freebsd # make install clean
  2. Config
    • RedHat Linux

      Debian and FreeBSD set up the key files during installation;
      on RedHat, run:

       # tripwire-setup-keyfiles

      Choose a site password to generate the site.key.
      Choose a local password to generate the local (hostname).key.

      The site key protects the cfg file and the policy file.
      The local key protects the Tripwire database.

      /etc/tripwire/tw.cfg will be generated from twcfg.txt
      /etc/tripwire/tw.pol will be generated from twpol.txt
  3. Initialize the database
     # tripwire --init 
  4. Check
     # tripwire --check 
  5. Print report
     # twprint -m r --twrfile /var/lib/tripwire/report/pluto.stafnet-20100406-153853.twr 
  6. View encrypted policy and config
     # twadmin --print-cfgfile
     # twadmin --print-polfile
  7. Print the tripwire database
     # twprint -m d --print-dbfile 
  8. Resolve violations
     # tripwire --update --twrfile /var/lib/tripwire/report/pluto.stafnet-20100406-144658.twr 
  9. Update policy and configuration
     # twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile site.key twcfg.txt
     # twadmin --create-polfile --cfgfile tw.cfg --polfile tw.pol --site-keyfile site.key twpol.txt
     # tripwire --init
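
Steps 5 and 8 both need the exact name of a report file. The helper below is an added example, not part of the original guide: it picks the newest report for a host from the timestamp in the file name (host-YYYYMMDD-HHMMSS.twr, as in the paths above) rather than from the file's modification time. The function names and the REPORT_DIR variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original guide).
# Report directory as used in steps 5 and 8; override via the environment.
REPORT_DIR=${REPORT_DIR:-/var/lib/tripwire/report}

# latest_twr DIR HOST
# Prints the path of the newest report for HOST; returns 1 if there is none.
# Only names of the exact form HOST-YYYYMMDD-HHMMSS.twr are accepted, so a
# report of another host such as HOST-backup is never picked up by mistake.
latest_twr() {
    dir=$1 host=$2 best= best_key=
    for f in "$dir/$host"-*.twr; do
        [ -f "$f" ] || continue          # unmatched glob stays literal
        name=${f##*/}
        ts=${name#"$host"-}              # YYYYMMDD-HHMMSS.twr
        ts=${ts%.twr}                    # YYYYMMDD-HHMMSS
        case $ts in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;               # not a timestamped report name
        esac
        key=${ts%-*}${ts#*-}             # 14 digits, orders chronologically
        if [ -z "$best_key" ] || [ "$key" -gt "$best_key" ]; then
            best=$f best_key=$key
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# print_latest HOST: step 5 for the newest report.
print_latest() {
    twr=$(latest_twr "$REPORT_DIR" "$1") || {
        echo "no report found for $1 in $REPORT_DIR" >&2; return 1; }
    twprint -m r --twrfile "$twr"
}

# update_latest HOST: step 8 for the newest report.
update_latest() {
    twr=$(latest_twr "$REPORT_DIR" "$1") || {
        echo "no report found for $1 in $REPORT_DIR" >&2; return 1; }
    tripwire --update --twrfile "$twr"
}
```

Source the file as root and call, for example, print_latest pluto.stafnet.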