Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 18. Linux Tripwire ASR 1.3.1Next

18.6. Run Tripwire in Database Update Mode

Running Tripwire in Database Update Mode mixed with the tripwire.verify script file that mails the results to the system administrator, will reduce the time of scanning the system. Instead of running Tripwire in Interactive Checking Mode and waiting for the long scan to finish, the script file tripwire.verify will scan the system and report via mail the result, then you run Tripwire in Database Update Mode and update only single files or directories that has changed.

Example 18-1. Usage of Tripwire

If a single file has changed, you can: 

            [root@deep] /# tripwire -update /etc/newly.installed.file

Or, if an entire set of files or directories has changed, you can run: 

            [root@deep] /# tripwire -update /usr/lib/Package_Dir
In either case, Tripwire regenerates the database entries for every specified file. A backup of the old database is created in the ./databases directory.

These are Some possible uses of Tripwire software

  1. Check the integrity of your files system.

  2. Get a list of new installed or removed files on your system.

18.6.1. Installed Files

These are the files Installed by the software TripWire ASR on your system:

/etc/cron.daily/tripwire.verify
/etc/tw.config
/usr/man/man5/tw.config.5
/usr/man/man8/siggen.8
/usr/man/man8/tripwire.8
/usr/sbin/tripwire
/usr/sbin/siggen
/var/spool/tripwire
/var/spool/tripwire/tw.db_TEST

18.6.1.1. Alternatives to Tripwire

These are some of the alternatives to Tripwire:

ViperDB

ViperDB Homepage: http://www.resentment.org/projects/viperdb/

FCHECK

FCHECK Homepage:http://sites.netscape.net/fcheck/fcheck.html

Sentinel

Sentinel Homepage:http://zurk.netpedia.net/zfile.html

PrevHomeNext
Tripwire in Interactive Checking ModeUpSoftware -Securities/Management & Limitation