The monitoring policy is derived from /etc/tripwire/twpol.txt, a plain text file that you can edit.
To use tripwire you first create the site key and local key:
sudo twadmin -m G -L /etc/tripwire/$(uname -n)-local.key \
-S /etc/tripwire/site.key
Then create binary configuration file and binary policy file from the corresponding source text files:
sudo twadmin -m F --site-keyfile /etc/tripwire/site.key /etc/tripwire/twcfg.txt && sudo twadmin -m P --site-keyfile /etc/tripwire/site.key /etc/tripwire/twpol.txt
Now initialize the tripwire database:
sudo tripwire --init
To see the effect of file monitoring, try changing the files that are set for monitoring in the policy, for example adding new.conf to /etc:
sudo touch /etc/new.conf
We check with the following command:
sudo tripwire --check
The results are as follows:
Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check…
Wrote report file: /var/lib/tripwire/report/omarine-20180826-084906.twr
Open Source Tripwire(R) 2.4.3.7 Integrity Check Report
Report generated by: root
Report created on: Sun 26 Aug 2018 08:49:06 AM +07
Database last updated on: Never
===============================================================================
Report Summary:
===============================================================================
Host name: omarine
Host IP address: 192.168.0.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/omarine.twd
Command line used: tripwire –check
===============================================================================
Rule Summary:
===============================================================================
——————————————————————————-
Section: Unix File System
——————————————————————————-
Rule Name Severity Level Added Removed Modified
——— ————– —– ——- ——–
Tripwire Binaries 0 0 0 0
Tripwire Data Files 0 0 0 0
RPM Checksum Files 0 0 0 0
* Global Configuration Files 0 1 0 1
Total objects scanned: 1693
Total violations found: 2
===============================================================================
Object Summary:
===============================================================================
——————————————————————————-
# Section: Unix File System
——————————————————————————-
——————————————————————————-
Rule Name: Global Configuration Files (/etc)
Severity Level: 0
——————————————————————————-
Added:
“/etc/new.conf”
Modified:
“/etc”
===============================================================================
Error Report:
===============================================================================
No Errors
——————————————————————————-
*** End of report ***
Open Source Tripwire 2.4 Portions copyright 2000-2018 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use –version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
You rely on the report to take the necessary processing and recheck if needed. Once have no further processing, we update the tripwire database with the newly created report file, for example:
sudo tripwire --update --twrfile /var/lib/tripwire/report/omarine-20180826-084906.twr
The database will be updated with modification via the vi editor. If you agree to the default update of all items, just type :q to escape.
File integrity monitoring can be done automatically by scheduling with cron as follows:
echo "0 2 * * * /usr/sbin/tripwire --check --quiet" | sudo tee -a /var/spool/cron/crontabs/root
Report files are located in /var/lib/tripwire/report. To view the latest report, run the following command:
sudo twprint --print-report -r \
/var/lib/tripwire/report/$(ls -1 /var/lib/tripwire/report | tail -n1)
Artificial Intelligence Kiosk 