Tripwire: Difference between revisions

From James's Wiki
No edit summary
No edit summary
Line 29: Line 29:
  sudo tripwire -m c -I
  sudo tripwire -m c -I


reports are saved in:
==Reports and Logs==
  ls /var/lib/tripwire/report/
Tripwire reports are saved in /var/lib/tripwire/report/ and date stamped.
  sudo ls /var/lib/tripwire/report/


==References==
==References==

Revision as of 13:28, 4 March 2018


Install

You will set pass phrases ect during the package install. 

sudo apt install tripwire

After install you have to initialize the database. 

sudo tripwire --init

Then run a check, you will find some errors, fixing some of these requires editing the policy file. 

sudo tripwire --check


after editing the policy file do this: 

sudo twadmin -m P /etc/tripwire/twpol.txt

sudo tripwire --init

sudo tripwire --check

after editing the configuration file: 

sudo twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

if the passwords arn't set up for whatever reason: 

sudo dpkg-reconfigure tripwire

to update changes to your system the easy way: 

sudo tripwire -m c -I

Reports and Logs

Tripwire reports are saved in /var/lib/tripwire/report/ and date stamped. 

sudo ls /var/lib/tripwire/report/

References

https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604/

https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps

Retrieved from "https://wiki.jamesclaus.com/index.php?title=Tripwire&oldid=248"
Powered by MediaWiki