HOWTO Setup Tripwire: Difference between revisions

Setting Up a Tripwire Installation

# emerge tripwire
# cd /etc/tripwire
# tripwire --init
# twadmin --create-polfile twpol.txt
# twadmin --create-polfile -S hostname-local.key twpol.txt

Generate a Report

# tripwire --check

File System Error Messages

To get rid of "File system error." messages where the file or folder does not exist, comment out the culprits from /etc/tripwire/twpol.txt Then, update the policy file, delete and re-init the db:

# twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt
# rm /var/lib/tripwire/$hostname.twd
# tripwire --init

Now, run a check, followed by an update. This shifts files around, which will be flagged as "changed" on the next run, so re-run the check/update:

# tripwire --check
# tripwire --update --twrfile /var/lib/tripwire/report/hosname_date_time.twr
# tripwire --check
# tripwire --update --twrfile /var/lib/tripwire/report/hosname_date_time.twr

After System Changes

After you emerge packages or change config files:

# tripwire --update --twrfile /var/lib/tripwire/report/a_previous_integrity_report.twr