Created
February 20, 2012 18:18
-
-
Save fduran/1870451 to your computer and use it in GitHub Desktop.
Linux file integrity with tripwire
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# crucial files integrity check with tripwire http://sourceforge.net/projects/tripwire/ | |
# www.fduran.com | |
apt-get update | |
apt-get install tripwire (enter 2 passwords) | |
# in /etc/tripwire/twpol.txt : | |
# a) in /root section comment out all of them minus result of: | |
ls -la /root | |
# ex:: .bash_history , .bashrc , .profile | |
# b) comment out /proc | |
# create initial binary policy from text policy: | |
twadmin --create-polfile --polfile tw.pol twpol.txt | |
# create initial database: | |
tripwire --init --polfile tw.pol | |
# change & recreate policy file until no more false positives / warnings | |
# check: | |
tripwire --check | |
# crontab daily or weekly: /usr/sbin/tripwire --check 2&>1 > /dev/null | |
# reports stored in | |
less /var/lib/tripwire/report/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment