/ BLOG / Tripwire

Tripwire is another one of those things which I’ve been meaning to play with for a long time. Ideally you should install it at the same time as rkhunter and chkrootkit, before you let your box loose on the global intarweb (precautions are a good thing). Unfortunately for various reasons I’ve not ever done it. I’m a fool, as it’s pretty simple.

  1. Install it using your package manager. By default Etchs package will ask if you want to run the bundled twinstall.sh script. You should answer yes, and follow the instructions to create a site and local password. Obviously make them secure.
  2. Create the initial database (this may take some time). You may wish to run this now, or after creating your own policy. It will depends on your system.
    tripwire –init
  3. Edit the human readable policy file to adjust the configuration. The default file will be found in /etc/tripwire/twpol.txt
  4. Update the policy tripwire looks at:
    tripwire –update-policy /etc/tripwire/twpol.txt
    You may need to run this twice to pick up the new policy file.
  5. Run a quick
    tripwire –check
    You should notice that there are no errors reported, if all is well.
Don’t forget when you update any packages, or add any new packages, to run an update to pickup the new files and add them to the database
tripwire –update