18.5. Tripwire in Interactive Checking Mode

In Interactive Checking Mode, Tripwire identifies files or directories that have been added, deleted, or changed relative to the original database and asks the user whether each database entry should be updated. This mode is the most convenient way of keeping your database up to date, but it requires that the user be at the console. If you intend to use this mode, follow the simple steps below.

  1. Tripwire must have a database to compare against, so we first create the file information database. This action creates a file called tw.db_[hostname] in the directory you specified to hold your databases, where [hostname] is replaced with your machine's hostname. To create the file information database for Tripwire, use the command:
              [root@deep] /# cd /var/spool/tripwire/
              [root@deep ]/tripwire# /usr/sbin/tripwire --initialize
              
    We move to the directory we specified to hold our database, and then we create the file information database, which is used for all subsequent Integrity Checking.

  2. Once the Tripwire file information database has been created, we can run Tripwire in Interactive Checking Mode. This mode prompts the user to decide, for each changed entry on the system, whether the database should be updated to reflect the current state of the file. To run in Interactive Checking Mode, use the command:
              [root@deep] /# cd /var/spool/tripwire/database/
              [root@deep ]/database# cp tw.db_myserverhostname /var/spool/tripwire/          
              [root@deep ]/database# cd ..          
              [root@deep ]/tripwire# /usr/sbin/tripwire --interactive
              
    
          Tripwire(tm) ASR (Academic Source Release) 1.3.1
              File Integrity Assessment Software
              (c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
              Security Systems, Inc. All Rights Reserved. Use Restricted to
              Authorized Licensees.
              ### Phase 1:   	Reading configuration file
              ### Phase 2:   	Generating file list
              ### Phase 3:   	Creating file information database
              ### Phase 4:   	Searching for inconsistencies
              ###
              ###                   Total files scanned:   	15722
              ###                   Files added:   		34
              ###                   Files deleted: 		42
              ###                   Files changed:         	321
              ### 
              ###                   Total file violations: 	397
              ### added:   -rwx------ root        22706 Dec 31 06:25:02 1999 /root/tmp/firewall
              ---> File: '/root/tmp/firewall'
              ---> Update entry?  [YN(y)nh?]
              
              

Note: In interactive mode, Tripwire first reports all added, deleted, and changed files, then allows the user to update the entry in the database.
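
The baseline, compare, and per-entry update cycle that the steps above perform with Tripwire, shown as an added Python example; it is not Tripwire's code or part of the original guide. The function names, the use of SHA-256, the sample files, and the operator policy are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Record a SHA-256 digest for every file under root (the 'database')."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare(baseline, current):
    """Classify differences as the report does: added, deleted, changed."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def interactive_update(baseline, current, decide):
    """Report everything first, then apply only the entries decide() accepts."""
    report = compare(baseline, current)
    updated = dict(baseline)
    for kind, paths in report.items():
        for path in paths:
            if decide(kind, path):            # "y": take the current state
                updated.pop(path, None)
                if kind != "deleted":
                    updated[path] = current[path]
    return report, updated

def demo():
    """Constructed sample tree: one file changed, one deleted, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_bytes(b"root:x:0:0\n")
        (root / "motd").write_bytes(b"hello\n")
        baseline = snapshot(root)
        (root / "passwd").write_bytes(b"root:x:0:0\nextra:x:1001:1001\n")  # unexpected
        (root / "motd").unlink()                                           # expected
        (root / "firewall").write_bytes(b"#!/bin/sh\n")                    # expected
        current = snapshot(root)
        # Constructed operator policy: answer "y" to everything except passwd.
        report, updated = interactive_update(
            baseline, current, lambda kind, path: path != "passwd")
        return report, compare(updated, current)

if __name__ == "__main__":
    print(demo())
```

An entry answered with "n" keeps its old database record, so the next check reports it again; an entry answered with "y" becomes the new trusted state and is no longer flagged.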

 
 
  Published under the terms of the Open Publication License