Differences

This shows you the differences between two versions of the page.

--- ids [2006/06/24 11:39]
a fixme
+++ ids [2009/05/25 00:35] (current)
@@ Line 7: / Line 7: @@
 ===== Tripwire =====
-FIXME
+=== links: ===
+  * [[http://openchemist.net/linux/howto.php?id=sec001|Tripwire (debian)]]
+==== Basic configuration (debian way) ====
+Install tripwire with apt-get (''apt-get install tripwire'')
+  cd /etc/tripwire
+  /usr/sbin/twadmin --create-polfile twpol.txt
+  /usr/sbin/tripwire --init  # Have patience, this will take a minute or so and
+                             # you'll get loads of "No such file" warnings...
+Ok, we're fully installed now. So let's run our first check so we can tune the policy
+  /usr/sbin/tripwire --check > twout.txt # lots of warnings and patience  gain...
+Now use this {{fixpol.pl|perl script (fixpol.pl)}}
+   chmod u+x fixpol.pl
+   ./fixpol.pl twout.txt twpol.txt | more    # there's lots of output
+**fixpol** prints what to do next near the end of its output in particular:
+You should now run
+   diff twpol.txt twpol.txt.new | more
+to make sure my changes aren't garbage. If it looks ok run
+   /usr/sbin/twadmin --create-polfile twpol.txt.new
+   /usr/sbin/tripwire --init
+to install the new policy in the database.
+Now you're in a position to run
+   /usr/sbin/tripwire --check
+regularly in cron or whatever.
 ===== Linux (misc) =====
@@ Line 52: / Line 91: @@
 That would run chkrootkit every night a 3.00h.
 ==== rkhunter  ====
@@ Line 69: / Line 109: @@
   rkhunter -c
+==== Lynis ====
+download from [[http://www.rootkit.nl/projects/lynis.html|here]]
+   # wget http://www.rootkit.nl/files/lynis-1.1.8.tar.gz
+   # tar xvfz lynis-1.1.8.tar.gz
+   # ./lynis --check-update
+   # ./lynis -c
 ==== MD5 sum checks ====