Tripwire
Tripwire is another one of those things which I’ve been meaning to play with for a long time. Ideally you should install it at the same time as rkhunter and chkrootkit, before you let your box loose on the global intarweb (precautions are a good thing). Unfortunately for various reasons I’ve not ever done it. I’m a fool, as it’s pretty simple.
- Install it using your package manager. By default Etch's package will ask if you want to run the bundled twinstall.sh script. You should answer yes, and follow the instructions to create a site and local password. Obviously make them secure.
- Create the initial database (this may take some time). You may wish to run this now, or after creating your own policy. It will depend on your system.
- Edit the human-readable policy file to adjust the configuration. The default file will be found in /etc/tripwire/twpol.txt
- Update the policy tripwire looks at:
  tripwire --update-policy /etc/tripwire/twpol.txt
  You may need to run this twice to pick up the new policy file.
- Run a quick
  tripwire --check
  You should notice that there are no errors reported, if all is well.
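
For the policy-editing step above: entries in twpol.txt that name files absent from this machine are reported as errors when the database is built or checked, so it helps to list them before loading the policy. This is an added example, not from the original post; the function names and the sample policy are constructed, and it assumes unquoted rules of the form `path -> mask ;` and stop points of the form `!path ;`.

```shell
#!/bin/sh
# Added example (not from the original post): list the literal paths named in
# a Tripwire text policy that do not exist on this machine.
# Assumed rule forms: "<path> -> <mask> ;" and stop points "!<path> ;".
# Paths built from policy variables such as $(TWBIN) are skipped, not expanded.

missing_policy_paths() {
    # Strip comments, leading whitespace and the stop-point marker.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/^!//' "$1" |
    while IFS= read -r line; do
        case $line in
            /*) ;;                # literal absolute path: examine it
            *) continue ;;        # directives, braces, attributes, blanks
        esac
        path=${line%%->*}         # drop the property mask
        path=${path%%;*}          # stop points end at the semicolon
        path=${path%"${path##*[![:space:]]}"}   # trim trailing whitespace
        case $path in
            *'$('*) continue ;;   # path contains a policy variable
        esac
        [ -e "$path" ] || [ -L "$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample policy for trying the function without touching /etc.
# $1 is a scratch directory; only "$1/present" is created in it.
write_sample_policy() {
    : > "$1/present"
    cat > "$1/twpol.txt" <<EOF
# constructed sample, not a real policy
(
  rulename = "Sample rule",
)
{
  $1/present       -> \$(SEC_CONFIG) ;
  $1/absent        -> \$(SEC_CONFIG) ;   # reported
  \$(TWBIN)/siggen -> \$(SEC_BIN) ;      # skipped: variable in path
  !$1/stop-absent ;                      # reported
}
EOF
}

# Usage: sh this-script /etc/tripwire/twpol.txt
if [ $# -gt 0 ]; then
    missing_policy_paths "$1"
fi
```

Paths it prints can be commented out in twpol.txt before running the update-policy step.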