Overview

What is it?

Tripwire is an open-source program that monitors file integrity. It performs a check of the filesystem state against a known baseline state, and alerts on changes that are detected.

Tripwire can monitor file contents, but also permissions, ownership, or directories.

Installing

Tripwire is a bit of a pain to install in an automated way, because it wants to try and walk you through a few initial setup steps.

We cover automated installation below.

Manual Installation

Install Tripwire using aptitude, since it is present in the official Debian repositories:

sudo apt-get -y update
sudo apt-get -y install tripwire

This will present several interactive prompts for the mulit-step setup process.

The steps are described on the Tripwire Readme: https://github.com/Tripwire/tripwire-open-source

Automated Installation

This SO answer gives some help, but this Unix SE answer is also needed. Here's the final incantation:

sudo DEBIAN_FRONTEND=noninteractive apt-get -y install tripwire

This should install tripwire with zero user intervention required.

Automated Setup Details

Some details about what happens and where things go when setup is automated...

Automated Key Creation

The Tripwire setup process sets up two different keys:

• site key - the key used to secure the configuration file (if the configuration file is compromised, all findings from tripwire are suspect); this can be used across multiple servers just as config files can be
• local key - the key used on each machine to run the binary (ensures binary does not run without owner's consent)

These keys can be protected with a passphrase if Tripwire is being set up manually, but the automated installation process will not put any passphrase in place.

Automated installation will put the keys here:

• /etc/tripwire/HOSTNAME-local.key - this is the automatically generated local key
• /etc/tripwire/site.key - this is the automatically generated site key

Configuration

The default configuration file for an automated installation is at /etc/tripwire/tw.cfg - but this file is encrypted using the Tripwire site key, so to actually make changes, the plain text version of the config file is at

/etc/tripwire/twcfg.txt

When you run tripwire, you can specify an alternative config file using the -c or --cfgfile flag.

Running

The tripwire binary is just called tripwire

You're welcome

Getting Help

tripwire --help all

Flags

Kali Linux "The quieter you become, the more you are able to hear." Penetration testing Linux distribution. Kali  · Category:Kali Kali/Wireless Reboot Kali Software: Kali Tools Kali Top 10 Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · Commix Dirbuster  · Valgrind Attack Workflow: Kali/Workflow 1 Physical Attacks: Kali/Layer 1 Attacks 2 Data/MAC Attacks: Kali/Layer 2 Attacks 3 Network Attacks: Kali/Layer 3 Attacks 4 Transport Attacks: Kali/Layer 4 Attacks 5 Session Attacks: Kali/Layer 5 Attacks 6 Presentation Attacks: Kali/Layer 6 Attacks 7 Application Attacks: Kali/Layer 7 Attacks Red Team Blue Team Metasploitable - Red Team Metasploitable - Blue Team Networking: Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA Kali/IPv6 Booting: Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB Installing: Kali/Installing  · Kali/Post Install  · Kali/Fixes Kali on Raspberry Pi: Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle Flags  · Template:KaliFlag  · e