Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 18. Linux Tripwire ASR 1.3.1Next

18.5. Tripwire in Interactive Checking Mode

In Interactive Checking Mode feature, Tripwire verifies files or directories that have been added, deleted, or changed from the original database and asks the user whether the database entry should be updated. This mode is the most convenient way of keeping your database up-to-date, but it requires that the user be at the console. If you intend to use this mode, then follow the simple steps below.

  1. Tripwire must have a database to compare against so we first create the file information database. This action will create a file called tw.db_[hostname] in the directory you specified to hold your databases where [hostname] will be replaced with your machine hostname. To create the file information database for Tripwire, use the command: 
              [[email protected]] /# cd /var/spool/tripwire/
          [[email protected] ]/tripwire# /usr/sbin/tripwire --initialize
    We move to the directory we specified to hold our database, and then we create the file information database, which is used for all subsequent Integrity Checking.

  2. Once the file information database of Tripwire has been created, we can now run Tripwire in Interactive Checking Mode. This mode will prompt the user for whether or not each changed entry on the system should be updated to reflect the current state of the file. To run in Interactive Checking Mode, use the command: 
              [[email protected]] /# cd /var/spool/tripwire/database/
          [[email protected] ]/database# cp tw.db_myserverhostname /var/spool/tripwire/          
          [[email protected] ]/database# cd ..          
          [[email protected] ]/tripwire# /usr/sbin/tripwire --interactive
          
    
          Tripwire(tm) ASR (Academic Source Release) 1.3.1
          File Integrity Assessment Software
          (c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
          Security Systems, Inc. All Rights Reserved. Use Restricted to
          Authorized Licensees.
          ### Phase 1:   	Reading configuration file
          ### Phase 2:   	Generating file list
          ### Phase 3:   	Creating file information database
          ### Phase 4:   	Searching for inconsistencies
          ###
          ###                   Total files scanned:   	15722
          ###                   Files added:   		34
          ###                   Files deleted: 		42
          ###                   Files changed:         	321
          ### 
          ###                   Total file violations: 	397
          ### added:   -rwx------ root        22706 Dec 31 06:25:02 1999 /root/tmp/firewall
          ---> File: '/root/tmp/firewall'
          ---> Update entry?  [YN(y)nh?]

Note: In interactive mode, Tripwire first reports all added, deleted, and changed files, then allows the user to update the entry in the database.

PrevHomeNext
Configure the /etc/cron.daily/tripwire.verify scriptUpRun Tripwire in Database Update Mode
  
 
  Published under the terms of the Open Publication License Design by Interspire