Tripwire: Difference between revisions
No edit summary |
No edit summary |
||
| Line 34: | Line 34: | ||
==References== | ==References== | ||
https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604 | https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604<br> | ||
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps<br> | |||
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps | https://www.techrepublic.com/article/example-2-a-sample-tripwire-policy-file/<br> | ||
Revision as of 13:35, 4 March 2018
Install
You will set pass phrases ect during the package install.
sudo apt install tripwire
After install you have to initialize the database.
sudo tripwire --init
Then run a check, you will find some errors, fixing some of these requires editing the policy file.
sudo tripwire --check
after editing the policy file do this:
sudo twadmin -m P /etc/tripwire/twpol.txt
sudo tripwire --init
sudo tripwire --check
after editing the configuration file:
sudo twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
if the passwords arn't set up for whatever reason:
sudo dpkg-reconfigure tripwire
to update changes to your system the easy way:
sudo tripwire -m c -I
Reports and Logs
Tripwire reports are saved in /var/lib/tripwire/report/ and date stamped.
sudo ls /var/lib/tripwire/report/
References
https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
https://www.techrepublic.com/article/example-2-a-sample-tripwire-policy-file/
