Tripwire quick guide
This short howto describes how to set up Tripwire.
Install
RedHat Linux
# rpm -Uvh tripwire<>.rpm
Debian GNU/Linux
# apt-get install tripwire
FreeBSD
root@freebsd # cd /usr/ports/security/tripwire
root@freebsd # make install clean
Config
RedHat Linux
Debian and FreeBSD set up the key files during installation. On RedHat Linux, generate them manually:
# tripwire-setup-keyfiles
Choose a site password to generate the site.key.
Choose a local password to generate the local (hostname).key.
The site key protects the cfg file and the policy file.
The local key protects the Tripwire database.
/etc/tripwire/tw.cfg will be generated from twcfg.txt.
/etc/tripwire/tw.pol will be generated from twpol.txt.
Initialize database
# tripwire --init
Check
# tripwire --check
Print report
# twprint -m r --twrfile /var/lib/tripwire/report/pluto.stafnet-20100406-153853.twr
View encrypted policy config
# twadmin --print-cfgfile
# twadmin --print-polfile
Print the tripwire database
# twprint -m d --print-dbfile
Resolving violations
# tripwire --update --twrfile /var/lib/tripwire/report/pluto.stafnet-20100406-144658.twr
Update policy configuration
# twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile site.key twcfg.txt
# twadmin --create-polfile --cfgfile tw.cfg --polfile tw.pol --site-keyfile site.key twpol.txt
# tripwire --init