Tripwire: Difference between revisions

From James's Wiki
Revision as of 13:06, 4 March 2018


Install

You will set passphrases etc. during the package install.

sudo apt install tripwire

After install you have to initialize the database.

sudo tripwire --init

Then run a check. You will find some errors; fixing some of these requires editing the policy file.

sudo tripwire --check


After editing the policy file, do this:

sudo twadmin -m P /etc/tripwire/twpol.txt
sudo tripwire --init
sudo tripwire --check
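
One way to do the policy edit for paths the first check reports as missing, as an added example that is not part of the original page. It assumes those errors appear as lines containing "Filename: <path>" (the sample output and policy below are constructed), and the function names `comment_missing_paths` and `write_samples` are hypothetical. It writes the edited policy to stdout instead of changing /etc/tripwire/twpol.txt in place.

```shell
#!/bin/sh
# Added example: comment out policy rules for paths the check reported missing.
# Assumption: such errors contain "Filename: <path>", as in the constructed sample.

# comment_missing_paths REPORT POLICY -> edited policy on stdout (no in-place edit)
comment_missing_paths() {
    awk '
        FILENAME == ARGV[1] {              # pass 1: collect reported paths
            i = index($0, "Filename: ")
            if (i) {
                p = substr($0, i + 10)
                sub(/[ \t\r]+$/, "", p)    # strip trailing blanks and CR
                missing[p] = 1
            }
            next
        }
        ($1 in missing) { sub(/[^ \t]/, "#&") }  # pass 2: comment rule, keep indent
        { print }
    ' "$1" "$2"
}

# Constructed sample data (not real output from any host).
write_samples() {
    cat > "$1/check.txt" <<'EOF'
### Warning: File system error.
### Filename: /etc/rc.boot
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /root/.xauth
### No such file or directory
### Continuing...
EOF
    cat > "$1/twpol.txt" <<'EOF'
    /etc/init.d         -> $(SEC_BIN) ;
    /etc/rc.boot        -> $(SEC_BIN) ;
    /root/.xauth        -> $(SEC_CONFIG) ;
    #/root/.tcshrc      -> $(SEC_CONFIG) ;
    /root/.bashrc       -> $(SEC_CONFIG) ;
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
comment_missing_paths "$tmp/check.txt" "$tmp/twpol.txt" > "$tmp/twpol.new"
diff "$tmp/twpol.txt" "$tmp/twpol.new" || true   # review the change before installing
rm -rf "$tmp"
```

Only rules whose path exactly matches a reported path are commented out; rules that are already commented and rules for paths that exist are left alone. After reviewing the diff, install the edited file with the twadmin, --init and --check commands above.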

After editing the configuration file:

sudo twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

If the passwords aren't set up for whatever reason:

sudo dpkg-reconfigure tripwire

To update the database with changes to your system the easy way:

sudo tripwire -m c -I

Reports are saved in:

ls /var/lib/tripwire/report/
