For years we’ve been heavily leveraging Tripwire to perform localized HBIDS: http://www.tripwiresecurity.com/ But more recently we’ve been experimenting with the Open Source and versatile Samhain: http://www.la-samhna.de/samhain
Basic Installation of TripWire
I originally posted this at http://www.318.com/TechJournal

To install Tripwire, run the following in the folder that you have extracted the tripwire files into:

sudo ./install.sh

Then enter passphrases/passwords when asked, then enter the shortname of the primary user of tripwire, and allow the system to define the baseline state of the server.

To update your tripwire database after making system changes, run this command:

./tripwire -m u -r ../report/day-month-year-initials.twr

To update your tripwire config, change the /usr/local/etc/twcfg.txt file and run this command:

./twadmin -m F -S ../key/site.key ../../etc/twcfg.txt

To enforce a new policy, edit the /usr/local/tripwire/policy/twpol.txt file and run this command:

./twadmin -m p > ../policy/twpol.txt

To view Tripwire reports run this command…
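The check-then-update cycle described above, as an added shell example that is not part of the original post: it builds the report file name in the day-month-year-initials convention the post uses, writes a fresh integrity-check report there, and then hands that same report to update mode so the database only absorbs changes you have reviewed in that report. The /usr/local/tripwire root with bin/ and report/ subdirectories, the TW_ROOT variable and the initials argument are assumptions of this example, not something the post specifies.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the check-then-update
# cycle around the report naming convention the post uses
# (day-month-year-initials.twr). Assumes the layout /usr/local/tripwire
# with bin/ and report/ underneath; override TW_ROOT if yours differs.

TW_ROOT="${TW_ROOT:-/usr/local/tripwire}"

# report_path DIR YYYY-MM-DD INITIALS
# Build the report file name DD-MM-YYYY-initials.twr inside DIR.
report_path() {
    dir=$1
    iso=$2
    initials=$3
    year=${iso%%-*}
    rest=${iso#*-}
    month=${rest%%-*}
    day=${rest#*-}
    printf '%s/%s-%s-%s-%s.twr\n' "$dir" "$day" "$month" "$year" "$initials"
}

# tripwire_check_and_update INITIALS
# Run an integrity check (-m c) that writes a dated report, then feed
# that same report to update mode (-m u). Update mode opens the report
# in your editor so you can accept or reject each change before the
# database is re-signed with the local passphrase.
tripwire_check_and_update() {
    initials=$1
    today=$(date +%Y-%m-%d)
    report=$(report_path "$TW_ROOT/report" "$today" "$initials")
    if [ ! -x "$TW_ROOT/bin/tripwire" ]; then
        echo "tripwire binary not found under $TW_ROOT/bin" >&2
        return 2
    fi
    # -m c: check mode; -r: where to write the report
    "$TW_ROOT/bin/tripwire" -m c -r "$report" || return 1
    # -m u: update mode, reading back the report just produced
    "$TW_ROOT/bin/tripwire" -m u -r "$report"
}

# Usage: tripwire_check_and_update jd
```

Running the check immediately before the update keeps the report and the current filesystem state aligned, so the changes you accept in the editor are exactly the ones that get baked into the new baseline.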