Configurations
Running Tripwire in Database Update Mode
Running Tripwire in “Database Update Mode” together with the “tripwire.verify” script, which mails the results to the system administrator, reduces the time spent scanning the system. Instead of running Tripwire in “Interactive Checking Mode” and waiting for the long scan to finish, the “tripwire.verify” script scans the system and reports the result by mail; you then run Tripwire in “Database Update Mode” and update only the individual files or directories that have changed.
As an example:
If a single file has changed, you can run:
[root@deep /]# tripwire -update /etc/newly.installed.file
Or, if an entire set of files or directories has changed, you can run:
[root@deep /]# tripwire -update /usr/lib/Package_Dir
In either case, Tripwire regenerates the database entries for every specified file. A backup of the old database is created in the “./databases” directory.
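The check-then-selectively-update workflow described above, as an added example that is not Tripwire's code or part of the original page: a toy baseline built with sha256sum stands in for the Tripwire database. The function names, the `tw.db` file name and the `.old` backup suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Toy model of check-then-selectively-update (constructed; not Tripwire's code
# or database format). Assumed DB format: "sha256  path" lines from sha256sum.

# build_db DB PATH... : record a hash for every regular file under PATH...
build_db() {
    db=$1; shift
    find "$@" -type f -exec sha256sum {} + | sort -k2 > "$db"
}

# check_db DB : print every path whose content no longer matches the baseline.
check_db() {
    sha256sum -c "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p'
}

# update_entries DB PATH... : back up DB, then re-hash only the named paths.
update_entries() {
    db=$1; shift
    bak=$(dirname "$db")/databases
    mkdir -p "$bak" && cp -p "$db" "$bak/$(basename "$db").old"
    tmp=$(mktemp)
    for p in "$@"; do
        # Drop old entries for $p and anything below it; keep all others.
        awk -v p="$p" '{ f = substr($0, 67) } f != p && index(f, p "/") != 1' "$db" > "$tmp"
        if [ -e "$p" ]; then find "$p" -type f -exec sha256sum {} + >> "$tmp"; fi
        sort -k2 "$tmp" > "$db"
    done
    rm -f "$tmp"
}

# demo : two files change, only the reviewed one is accepted into the baseline.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/pkg"
    echo v1 > "$d/etc/app.conf"; echo v1 > "$d/pkg/lib.so"
    build_db "$d/tw.db" "$d/etc" "$d/pkg"
    echo v2 > "$d/etc/app.conf"          # expected change, reviewed by the admin
    echo v1-modified > "$d/pkg/lib.so"   # unexpected change, not reviewed
    update_entries "$d/tw.db" "$d/etc/app.conf"
    check_db "$d/tw.db" | sed "s|^$d||"  # prints: /pkg/lib.so
    rm -rf "$d"
}

demo
```

Updating only the reviewed path leaves the unreviewed change flagged on the next check, which is why the update step should name specific files rather than re-baseline everything.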
Some possible uses of Tripwire software
Tripwire can be used to:
1. Check the integrity of your file system.
2. Get a list of newly installed or removed files on your system.
Installed files
> /etc/cron.daily/tripwire.verify
> /etc/tw.config
> /usr/man/man5/tw.config.5
> /usr/man/man8/siggen.8
> /usr/man/man8/tripwire.8
> /usr/sbin/tripwire
> /usr/sbin/siggen
> /var/spool/tripwire
> /var/spool/tripwire/tw.db_TEST