I originally posted this at http://www.318.com/TechJournal
To install Tripwire, run this command in the folder into which you extracted the Tripwire files:
sudo ./install.sh
Then enter passphrases/passwords when asked.
Then enter the shortname of the primary user of Tripwire.
Allow the system to define the baseline state of the server.
To update your Tripwire database after making system changes, run this command:
./tripwire -m u -r ../report/day-month-year-initials.twr
To update your Tripwire config, change the /usr/local/etc/twcfg.txt file and run this command:
./twadmin -m F -S ../key/site.key ../../etc/twcfg.txt
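To enforce a new policy, first export the current policy to /usr/local/tripwire/policy/twpol.txt (twadmin -m p prints the active policy as text, so running it after editing would overwrite your changes):
./twadmin -m p > ../policy/twpol.txt
Then edit the file and apply it with this command:
./tripwire -m p ../policy/twpol.txt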
To view Tripwire reports, run this command:
./twprint -m r -r ../report/*.twr
→ the * in this command is meant to denote your latest .twr file; replace it with that file's name
To scan for changes that have been made to the system, cd into the directory /usr/local/tripwire/bin and run:
./tripwire -m c
To email these changes to the email address listed in the config file, run:
./tripwire -m c -M
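The report and update commands above both need the name of the latest .twr file. The following is an added example, not part of the original post, that picks the newest report by modification time (the day-month-year names do not sort chronologically); the function names and the TW_BIN and TW_REPORT_DIR variables are assumptions based on the paths used here.

```shell
#!/bin/sh
# Added example: select the newest Tripwire report instead of relying on "*".
# Paths follow the ones used on this page; override the variables as needed.
TW_BIN="${TW_BIN:-/usr/local/tripwire/bin}"
TW_REPORT_DIR="${TW_REPORT_DIR:-/usr/local/tripwire/report}"

# Print the path of the most recently modified .twr file in directory $1.
# Returns 1 (and prints nothing) when the directory holds no reports.
latest_twr() {
    dir="$1"
    newest=""
    for f in "$dir"/*.twr; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Print the newest report in readable form (same twprint call as above).
show_latest_report() {
    report=$(latest_twr "$TW_REPORT_DIR") || {
        echo "no .twr reports in $TW_REPORT_DIR" >&2
        return 1
    }
    "$TW_BIN/twprint" -m r -r "$report"
}

# Accept the changes recorded in the newest report into the database.
update_from_latest_report() {
    report=$(latest_twr "$TW_REPORT_DIR") || {
        echo "no .twr reports in $TW_REPORT_DIR" >&2
        return 1
    }
    "$TW_BIN/tripwire" -m u -r "$report"
}

# Usage: script.sh show | script.sh update (no argument: define functions only)
case "${1:-}" in
    show)   show_latest_report ;;
    update) update_from_latest_report ;;
esac
```

Review the output of the show step before running the update step, since the update accepts every change in that report as the new baseline.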