Home|Archives|Contact
« Daily Friction #119
Daily Friction #120 »

Tripwire Cheat Sheet

This is a very short Tripwire Cheatsheet with all common commands and maintainance action. No explanations or information on the command rundown. If anything is missing let me know.

Install the Tripwire RPM

Check if Tripwire already installed:

rpm -q tripwire

Install from RPM:

rpm -Uvh /mnt/cdrom/RedHat/RPMS/tripwire*.rpm

Configure Tripewire by editing the twcfg.txt file

vi /etc/tripwire/twcfg.txt

Run the install Script

/etc/tripwire/twinstall.sh

Initialize the Tripwire Database

/usr/sbin/tripwire --init

Running an Integrity Check

/usr/sbin/tripwire --check

Viewing & Examining Tripwire Reports

/usr/sbin/twprint -m r --twrfile /var/lib/tripwire/report/<name>.twr

Replace <name>.twr with the name of the report file.

View Tripwire Databases

/usr/sbin/twprint -m d --print-dbfile | less

Updating the Tripwire Database

/usr/sbin/tripwire --update --twrfile /var/lib/tripwire/report/<name>.twr

Replace <name>.twr with the name of the report file.

Updating the Tripwire Policy File
Export profile file from DB:

twadmin --print-polfile > /etc/tripwire/twpol.txt

Edit file:

vi /etc/tripwire/twpol.txt

Update policy file:

/usr/sbin/twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt

Delete DB file:

rm /var/lib/tripwire/<name>.twd

Replace <name>.twd with the name of DB file.
Initialize the Tripwire Database

/usr/sbin/tripwire --init

Updating the Tripwire Configuration File
Export configuration file from DB:

twadmin --print-cfgfile > /etc/tripwire/twcfg.txt

Edit file:

vi /etc/tripwire/twcfg.txt

Regenerate a configuration file:

/usr/sbin/twadmin --create-cfgfile -S site.key /etc/tripwire/twcfg.txt

Sending Test Email Messages:

/usr/sbin/tripwire --test --email your@email.address

Tripwire File Locations
Executables:
/usr/sbin/tripwire
/usr/sbin/twadmin
/usr/sbin/twprint
Configuration files:
/etc/tripwire/twinstall.sh
/etc/tripwire/twcfg.txt
/etc/tripwire/tw.cfg
/etc/tripwire/twpol.txt
/etc/tripwire/tw.pol
/etc/tripwire/<name>.key
/var/lib/tripwire/<host_name>.twd
Reports:
/var/lib/tripwire/report/<reports_name>.twr

Tags: ,

This entry was posted on Wednesday, July 26th, 2006 at 2:48 am and is filed under Security, Systems. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

 
   
  * - Required field.
** - Mail address will not be shown publicly.