For example, you may want to add monitoring for /etc/nginx if you have Nginx installed, or disable integrity checking for Korn shell /bin/ksh if it’s not present on the system.
Open the file /etc/tripwire/twpol.txt for editing and configure to match the system Tripwire is installed on. GLOBALEMAIL Tripwire Policy File twpol.txt LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr The content of our file is listed below for references: ROOT =/usr/sbinĭBFILE =/var/lib/tripwire/$(HOSTNAME).twd
Open the file /etc/tripwire/twcfg.txt for editing and modify as required. Initialise the Tripwire database file: # /usr/sbin/tripwire -init Tripwire Configuration File twcfg.txt Generate the system-specific cryptographic key files: # /usr/sbin/tripwire-setup-keyfiles
Install Tripwire: # yum install tripwire Configuration Open Source Tripwire functions as a host-based intrusion detection system. Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file changes on a range of systems.