Open Source Tripwire®
Circuit Static 551279e64c Merge 64a8287667 into 7af2781a19 2017-04-02 07:19:48 +00:00
contrib Add twpolmake.pl to contrib folder 2016-07-01 19:43:00 -07:00
installer Tweak message about documentation location at end of install, so it points somewhere real vs. an empty string 2017-03-31 00:02:14 -07:00
man Fix man page handling in make install 2017-02-20 17:03:24 -08:00
policy Open Source Tripwire 2.4.2.2 2015-05-03 22:26:18 -07:00
src Tweak unit test error reporting slightly 2017-03-31 23:08:44 -07:00
.gitignore Address more cppcheck warnings, mostly around assignment operators & explicit constructors 2017-03-15 23:41:23 -07:00
COMMERCIAL Update COMMERCIAL file to be more informative & remove non-working links 2017-01-15 18:06:20 -08:00
COPYING Open Source Tripwire 2.4.2.2 2015-05-03 22:26:18 -07:00
ChangeLog Update Changelog & fix a hyphen in ReadMe 2017-03-30 23:05:37 -07:00
LICENSE Initial commit 2015-05-03 22:05:54 -07:00
MAINTAINERS Large file tweaks for e.g. 32-bit Linux; update ReadMe & ChangeLog again. 2016-04-11 20:29:37 -07:00
Makefile.am Tweaks for 'make check': Don't assume location of perl, or existence of /etc/hosts 2017-03-16 20:51:12 -07:00
Makefile.in Tweaks for 'make check': Don't assume location of perl, or existence of /etc/hosts 2017-03-16 20:51:12 -07:00
Packaging Update 'Packaging' file slightly 2016-04-12 11:03:24 -07:00
README.md Merge 64a8287667 into 7af2781a19 2017-04-02 07:19:48 +00:00
ReadMe-2.4.3 Update Changelog & fix a hyphen in ReadMe 2017-03-30 23:05:37 -07:00
TRADEMARK Open Source Tripwire 2.4.2.2 2015-05-03 22:26:18 -07:00
acinclude.m4 Update buildsys for oddball platforms that don't support hardlinks, or have gethostbyname() in a weird library. Still generated w/ older v1.8.x automake/aclocal in order to keep diffs a reviewable size. 2016-03-25 10:59:56 -07:00
aclocal.m4 Update buildsys to automake 1.15 and fix resulting warnings. This involved an autoreconf -if, and then reverting config.guess and config.sub since they're actually newer than the ones automake wants to install, and they've been customized a bit to detect e.g. MidnightBSD 2016-06-06 19:51:38 -07:00
autogen.sh Merge in contributed files from 2.4.2.3 fork (https://github.com/steakknife/tripwire); Update ChangeLog, Maintainers, Packaging & ReadMe to reflect changes & credit contributors 2016-04-03 20:27:07 -07:00
autogen.sh.README Merge in contributed files from 2.4.2.3 fork (https://github.com/steakknife/tripwire); Update ChangeLog, Maintainers, Packaging & ReadMe to reflect changes & credit contributors 2016-04-03 20:27:07 -07:00
config.guess Update config.guess and config.sub for MidnightBSD 2016-03-26 23:25:54 -07:00
config.h.in Use a non-default compiler list in AC_PROG_CC and AC_PROG_CXX, since autoconf/automake still doesn't know what Clang is. 2017-01-16 20:56:58 -08:00
config.sub Update config.guess and config.sub for MidnightBSD 2016-03-26 23:25:54 -07:00
configure Remove installer check for tar since installer doesn't actually use it; remove some cleanup meant for an ancient patch lost in the mists of time 2017-03-27 18:49:07 -07:00
configure.ac Remove installer check for tar since installer doesn't actually use it; remove some cleanup meant for an ancient patch lost in the mists of time 2017-03-27 18:49:07 -07:00
install-sh Update buildsys to automake 1.15 and fix resulting warnings. This involved an autoreconf -if, and then reverting config.guess and config.sub since they're actually newer than the ones automake wants to install, and they've been customized a bit to detect e.g. MidnightBSD 2016-06-06 19:51:38 -07:00
missing Update buildsys to automake 1.15 and fix resulting warnings. This involved an autoreconf -if, and then reverting config.guess and config.sub since they're actually newer than the ones automake wants to install, and they've been customized a bit to detect e.g. MidnightBSD 2016-06-06 19:51:38 -07:00
mkinstalldirs Update buildsys to automake 1.15 and fix resulting warnings. This involved an autoreconf -if, and then reverting config.guess and config.sub since they're actually newer than the ones automake wants to install, and they've been customized a bit to detect e.g. MidnightBSD 2016-06-06 19:51:38 -07:00
touchconfig.sh Add config.h.in to touchconfig script 2016-06-06 22:18:48 -07:00

README.md

# Open Source Tripwire®

Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.

Open Source Tripwire is suitable for monitoring a small number of Linux servers, where centralized control and reporting is not needed and professional support or system automation is not a requirement.

# General Instruction

The tripwire package comes with a basic configuration file, /etc/tripwire/twcfg.txt, which sets the mandatory variables to the defaults described in the twconfig(4) manual page. This configuration is just enough to get tripwire working.

The following five steps serve as a quick cookbook for getting tripwire working.

  1. Choose a convenient HOSTNAME and generate site and local keys using

    twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key
    twadmin --generate-keys -S /etc/tripwire/site.key

    This creates the files named above as arguments.

  2. Compile the configuration file with

    twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

    This creates file /etc/tripwire/tw.cfg.

  3. Create a policy file. A complex example can be found in /usr/share/doc/packages/tripwire/twpol-Linux.txt. For test purposes, a single rule

    /bin -> $(ReadOnly); # the ending semicolon is mandatory

    or similar will do. Compile this with

    twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt

    provided /etc/tripwire/twpol.txt is the name of your policy file. This creates file /etc/tripwire/tw.pol.

  4. Generate a baseline database (a snapshot of the objects residing on the system, according to the installed policy file) using

    tripwire --init

    This creates file /var/lib/tripwire/${HOSTNAME}.twd.

  5. You can check the system with

    tripwire --check

    This prints a report on the standard output and generates file /var/lib/tripwire/report/${HOSTNAME}-YYYYMMDD-HHMMSS.twr. The report can be redisplayed using

    twprint --print-report -r /var/lib/tripwire/report/${HOSTNAME}-YYYYMMDD-HHMMSS.twr
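
A post-setup check for the five steps above, added here as an example and not part of the Open Source Tripwire project: it confirms that each file the steps say they create exists, flags any that are group- or other-writable, and reports when no check report has been written yet. The function name `tw_audit`, its arguments, the finding labels and the permission rule are assumptions of this example; the file names are the ones given in the steps.

```shell
#!/bin/sh
# Added example (not project code): audit the files that steps 1-5 create.
# Usage: sh tw_audit.sh CFGDIR DBDIR HOST
#   e.g. sh tw_audit.sh /etc/tripwire /var/lib/tripwire "$HOSTNAME"
# Assumption of this example: a key, config, policy or database file that is
# group- or other-writable is reported as a finding.

# Prints one finding per line; returns the number of findings (0 = clean).
tw_audit() {
    cfgdir=$1 dbdir=$2 host=$3 findings=0

    for f in \
        "$cfgdir/site.key" \
        "$cfgdir/$host-local.key" \
        "$cfgdir/tw.cfg" \
        "$cfgdir/tw.pol" \
        "$dbdir/$host.twd"
    do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1))
        elif [ -n "$(find -L "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $f"
            findings=$((findings + 1))
        fi
    done

    # Step 5 writes HOST-YYYYMMDD-HHMMSS.twr; no report means no check has run.
    set -- "$dbdir/report/$host"-*.twr
    if [ ! -e "$1" ]; then
        echo "NOREPORT $dbdir/report/$host-*.twr"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run only when called with the three arguments, so the file can be sourced.
if [ "$#" -ge 3 ]; then
    tw_audit "$1" "$2" "$3"
fi
```

The exit status is the number of findings, so a wrapper can treat any non-zero result as a failed setup.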