Tripwire

From Edgar BV Wiki

Tripwire!

To create a new policy file, first edit the text file and then:

twadmin --create-polfile ./filename

To print out the tripwire encoded policy:

twadmin -m p

To create a new config file, first edit the text file and then:

twadmin -m F -S /etc/tripwire/site.key ./twcfg.txt

To print out the tripwire encoded configuration:

twadmin -m f

To apply the new configuration (this initializes the database):

tripwire --init

To check if changes have been made:

tripwire --check --email-report

To print reports:

twprint -m r --twrfile /var/lib/tripwire/report/reportname.twr

To see the tripwire database:

twprint -m d --print-dbfile

To see a specific file in the database:

twprint -m d --print-dbfile /path/filename

To accept the changes:

tripwire --update --twrfile /var/lib/tripwire/report/reportname.twr

The report then opens in an editor (vi here). To accept a change, keep the 'x' before the filename. To have the violation reported again at the next check, remove the 'x'. Save and quit, and the database will be updated.
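The check, report and update steps above chained into one script, as an added example that is not part of the original wiki page. The exit-status bitmask comes from the tripwire(8) man page; the function names and the `--run` switch are made up for this example, and the report directory is the one used on this page.

```shell
#!/bin/sh
# Added example: check, find the newest report, print the follow-up commands.
REPORT_DIR="${REPORT_DIR:-/var/lib/tripwire/report}"  # path used on this page

# Decode the exit status of "tripwire --check". Per tripwire(8) it is a
# bitmask: 1 = added, 2 = removed, 4 = modified, 8 = error during the check.
decode_check_status() {
    mask=$1
    out=""
    for pair in 1:added 2:removed 4:modified 8:error; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $((mask & bit)) -ne 0 ]; then out="$out $name"; fi
    done
    if [ -z "$out" ]; then out=" clean"; fi
    echo "${out# }"
}

# Print the most recently modified *.twr file in a report directory.
latest_report() {
    dir=${1:-$REPORT_DIR}
    newest=""
    for f in "$dir"/*.twr; do
        [ -e "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    if [ -z "$newest" ]; then return 1; fi
    echo "$newest"
}

# Hypothetical wrapper (name is an assumption): run the check, show next steps.
run_check() {
    rc=0
    tripwire --check --email-report || rc=$?
    echo "check result: $(decode_check_status "$rc")"
    if [ "$rc" -ne 0 ] && report=$(latest_report); then
        echo "review with: twprint -m r --twrfile $report"
        echo "accept with: tripwire --update --twrfile $report"
    fi
    return "$rc"
}

# Only run when called with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then run_check; fi
```

Run it from cron with `--run`; a non-zero exit status means the check reported added, removed or modified files, or an error.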

To test email functionality:

tripwire --test --email your@email.address