Tripwire quick guide
ATripewire Quick Guide
This short howto describes how to setup Tripwire.
- Install
- RedHat Linux
# rpm -Uvh tripwire<>.rpm
- Debian GNU/Linux
# apt-get install tripwire
- FreeBSD
root@freebsd # cd /usr/ports/security/tripwire
root@freebsd # make install clean
- RedHat Linux
- Config
- RedHat Linux
Debian and FreeBSD will setup the key files during the installation
# tripwire-setup-keyfiles
choose a site password to generate the site.key
choose a local password to generate the local (hostname).key
the site key protects the cfg file and policy file
the local key protects the tripwire database.
/etc/tripwire/tw.cfg will be generated from twcfg.txt
/etc/tripwire/tw.pol will be generated from twpol.txt
- RedHat Linux
- initialize database
# tripwire --init
- Check
# tripwire --check
- print report
# twprint -m r --twrfile /var/lib/tripwire/report/pluto.stafnet-20100406-153853.twr
- view encrypted policy config
# twadmin --print-cfgfile
# twadmin --print-polfile - Print the tripwire database
# twprint -m d --print-dbfile
- resolving violations
# tripwire --update --twrfile /var/lib/tripwire/report/pluto.stafnet-20100406-144658.twr
- Update policy configuration
# twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile site.key twcfg.txt
# twadmin --create-polfile --cfgfile tw.cfg --polfile tw.pol --site-keyfile site.key twpol.txt
# tripwire --init