Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 01-07-2006, 04:11 PM   #1
Registered: Nov 2004
Location: Scotland
Distribution: Suse 10 - Running KDE
Posts: 314

Rep: Reputation: 30
Red face Anyone know about tripwire?

Anyone know if tripwire is any good? Ive heard it can protect a system well, does it have a graphical frontend?

Old 01-07-2006, 04:49 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975
what is it with you and GUI's???
Old 01-07-2006, 05:19 PM   #3
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 165Reputation: 165
I use tripwire tripwire- from sourceforge - it's very good but you have to be willing to work with it. There's no GUI, but the steps to get it running from sources are...

Starting in the extracted source directory:

# NOTE: You may have to use `ln -s contrib install` before the make install will work
make install
The `make install` step will generate your keys (you will be prompted for the passphrase) and the config/policy files. These files are in /usr/local/etc with a default install like the one above. Change to /usr/local/etc. Check that twcfg.txt & twpol.txt are correct for your setup. If not you will have to re-generate the binaries from these with:

twadmin --create-cfgfile --verbose --site-keyfile site.key twcfg.txt
twadmin --create-polfile --verbose --cfgfile tw.cfg --site-keyfile site.key twpol.txt
tripwire --init --cfgfile tw.cfg
There may be errors because of missing files/directories. Modify twpol.txt and re-run the above steps. The tripwire database will be created in /usr/local/lib/tripwire. Next, create the file `/etc/cron.daily/tripwire-check` with the following contents:

HOST_NAME=`uname -n`
if [ ! -e /usr/local/lib/tripwire/${HOST_NAME}.twd ] ; then
        echo "****    Error: Tripwire database for ${HOST_NAME} not found.    ****"
        echo "**** Run "tripwire --init". ****"
  test -f /usr/local/etc/tw.cfg && /usr/local/sbin/tripwire --check --email-report-level 1 --email-report
You will have a report generated each day based on your policy settings. Run:

/usr/local/sbin/tripwire --update --polfile /usr/local/etc/tw.pol --twrfile /usr/local/lib/tripwire/report/<reportname>
Audit the changes and apply or check them out as necessary.

One last thing, make sure only root can read the tripwire files and keep backups of everything - especially the plain text config and policy files.

Hope that helps - it's not exact so be prepared to improvise...


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
tripwire-2.3.1-2 jacky Red Hat 1 08-11-2004 04:47 PM
tripwire help spideywebsling Linux - Security 1 07-09-2004 04:57 PM
I need tripwire help Darkangel90 Slackware 2 04-22-2004 01:15 AM
tripwire reports /usr/sbin/tripwire changed alfaalfabeta Linux - Security 5 07-22-2003 05:52 PM
Tripwire? janderson622 Linux - Security 2 05-01-2001 12:33 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:37 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration