Mac OS X

Basic Installation of TripWire

I originally posted this at http://www.318.com/TechJournal

To install Tripwire, run in the folder that you have extracted the tripwire files into
sudo ./install.sh
Then enter passphrases/passwords when asked
Then enter the shortname of the primary user of tripwire
Allow the system to define the baseline state of the Server.

To update your tripwire database after making system changes run this command:
./tripwire -m u -r ../report/day-month-year-initials.twr

To update your tripwire config, change the /usr/local/etc/twcfg.txt file and run this command
./twadmin -m F -S ../key/site.key ../../etc/twcfg.txt

To enforce a new policy, edit the /usr/local/tripwire/policy/twpol.txt file and run this command:
./twadmin -m p > ../policy/twpol.txt

To view Tripwire reports run this command
./twprint -m r -r ../report/*.twr â†’ the * in this command is meant to demote your latest twr file

To scan what changes have been made to the system, cd into this directory /usr/local/tripwire/bin and run
./tripwire -m c
To email these changes to the email address listed in the config file, run ./tripwire –m c -M