Intrusion Monitoring - Tripwire
About Tripwire
Installing and configuring Tripwire
Add Policy
Tripwire is a free, open source Intrusion Detection System (IDS).
It is a security tool that monitors files and warns about changes to them. You can use it to monitor your system files, including website files.
Compared with other intrusion detection systems (IDS), Tripwire does have its own drawbacks. However, because it is open source, these shortcomings will soon be forgotten.
Tripwire provides four algorithms:
- CRC32 (common)
- MD5 (common)
- SHA
- HAVAL
Installing and configuring Tripwire
yum install epel-release
yum -y install tripwire
Generate a new Tripwire key file
tripwire-setup-keyfiles
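Initialization
tripwire --init
# Run a check and save the "Filename:" lines that name files missing from this system
sh -c "tripwire --check | grep Filename > no-directory.txt"
# Comment out each of those paths in the policy source file
for f in $(grep "Filename:" no-directory.txt | cut -f2 -d:); do
  sed -i "s|\($f\) |#\1|g" /etc/tripwire/twpol.txt
done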
Regenerate and re-sign the Tripwire configuration
twadmin -m P /etc/tripwire/twpol.txt
Re-initialize Tripwire
tripwire --init
tripwire --check
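The loop above treats each reported path as a sed regular expression and matches it anywhere in a policy line. The following is an added example, not part of the original page: it does the same commenting-out step but compares each path as a literal string against the object name left of "->" and prints the result instead of editing in place. The function name comment_missing and the sample report and policy lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# comment_missing REPORT POLICY: print POLICY with a "#" in front of every rule
# whose object name (the text left of "->") is listed after "Filename:" in REPORT.
comment_missing() {
    awk '
        # Report file: remember each path that follows "Filename:".
        FILENAME == ARGV[1] {
            i = index($0, "Filename:")
            if (i) {
                p = substr($0, i + 9)
                gsub(/^[ \t]+|[ \t]+$/, "", p)
                missing[p] = 1
            }
            next
        }
        # Policy file: compare the object name as a literal string.
        {
            arrow = index($0, "->")
            obj = arrow ? substr($0, 1, arrow - 1) : ""
            gsub(/^[ \t]+|[ \t]+$/, "", obj)
            if (obj != "" && (obj in missing)) print "#" $0
            else print
        }
    ' "$1" "$2"
}

# Constructed sample report and policy lines (assumed shapes, not real output).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/no-directory.txt" <<'EOF'
### Filename: /usr/sbin/fixrmtab
### Filename: /root/.esd_auth
EOF
    cat > "$dir/twpol.txt" <<'EOF'
  /usr/sbin/fixrmtab         -> $(SEC_CRIT) ;
  /chroot/usr/sbin/fixrmtab  -> $(SEC_CRIT) ;
  /root/.esd_auth            -> $(SEC_CONFIG) ;
  /root/xesd_auth            -> $(SEC_CONFIG) ;
EOF
    comment_missing "$dir/no-directory.txt" "$dir/twpol.txt"
    rm -rf "$dir"
}
demo
```

Redirect the output to a new file and diff it against /etc/tripwire/twpol.txt before replacing the policy source, so that only the rules for missing files were disabled.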
Add Policy
(
  rulename = "server run",
  severity = $(SIG_HI)
)
{
  /etc/init.d -> $(SEC_CRIT);
}