Configurations
The commands listed below are the ones we use most often, but many more exist. Check the man pages for more details.
Running Tripwire in Interactive Checking Mode
In “Interactive Checking Mode”, Tripwire verifies files or directories that have been added, deleted, or changed from the original database and asks the user whether the database entry should be updated. This mode is the most convenient way of keeping your database up-to-date, but it requires that the user be “at the console”. If you intend to use this mode, then follow the simple steps below.
Step 1
Tripwire must have a database to compare against so we first create the file information database. This action will create a file called “tw.db_[hostname]” in the directory you specified to hold your databases (where [hostname] will be replaced with your machine hostname).
• To create the file information database for Tripwire, use the command:
[root@deep /]# cd /var/spool/tripwire/
[root@deep tripwire]# /usr/sbin/tripwire -initialize
We move to the directory we specified to hold our database, and then we create the file information database, which is used for all subsequent Integrity Checking.
Step 2
Once the file information database of Tripwire has been created, we can now run Tripwire in “Interactive Checking Mode”. This mode will prompt the user for whether or not each changed entry on the system should be updated to reflect the current state of the file.
• To run in Interactive Checking Mode, use the command:
[root@deep /]# cd /var/spool/tripwire/database/
[root@deep database]# cp tw.db_myserverhostname /var/spool/tripwire/
[root@deep database]# cd ..
[root@deep tripwire]# /usr/sbin/tripwire -interactive
Tripwire(tm) ASR (Academic Source Release) 1.3.1
File Integrity Assessment Software
(c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
Security Systems, Inc. All Rights Reserved. Use Restricted to
Authorized Licensees.
### Phase 1: Reading configuration file
the user to update the entry in the database.
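The baseline-and-compare model behind the two steps above, as an added sketch that is not Tripwire's code and not part of the original text. It uses sha256sum in place of Tripwire's own database format; the function names, the database line format and the sample files are assumptions made for illustration, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added illustration, not Tripwire code: baseline-and-compare using sha256sum.
# Assumed database line format: "<sha256>  <path>"; no whitespace in file names.

# snapshot DIR: print one "hash  path" line per regular file under DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# make_baseline DIR DB: record the current state (the role of the initialize step).
make_baseline() {
    snapshot "$1" > "$2"
}

# check_baseline DIR DB: print "added|changed|deleted <path>" per difference.
check_baseline() {
    now=$(mktemp)
    snapshot "$1" > "$now"
    awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }   # first file: the baseline
        { seen[$2] = 1
          if (!($2 in old))       print "added " $2
          else if (old[$2] != $1) print "changed " $2 }
        END { for (p in old) if (!(p in seen)) print "deleted " p }
    ' "$2" "$now" | sort
    rm -f "$now"
}

# demo: constructed sample tree; change one file, delete one, add one, then check.
demo() {
    root=$(mktemp -d)
    mkdir "$root/tree"
    echo "PermitRootLogin no" > "$root/tree/sshd_config"
    echo "root:x:0:0"         > "$root/tree/passwd"
    make_baseline "$root/tree" "$root/tw.db_demo"   # database kept outside the tree
    echo "PermitRootLogin yes" > "$root/tree/sshd_config"
    rm "$root/tree/passwd"
    echo "welcome" > "$root/tree/motd"
    check_baseline "$root/tree" "$root/tw.db_demo"
    rm -rf "$root"
}

demo
```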