Tripwire for Ubuntu

Tripwire is a file integrity checking tool. It’s primary function is notify you of any changes made to files or directories you have selected for monitoring. There are many tools available these days for this task however Tripwire specializes in this one function. It’s a tool that’s been around since before the days of the internet so it’s a very mature tool. Tripwire used to be open source but became a commercial entity in 1997. The company has become a digital security mogul in times of late however the console based version of Tripwire still carries an open source license so it can be used on many systems without further compensation or licensing requirements.

Like the Wikipedia entry this article in going to be short and sweet. I will provide some links to the best installation guide shortly and will outline essential commands below for those that might want to quickstart.

This tool can be used to tell you if someone has edited your precious book file. It can tell you if key files like /etc/passwd and /etc/shadow have been altered which could indicate hacking activity. Tripwire is a tool that gives system administrators piece of mind on sensitive systems and assures them of unaltered binary and text files. Additionally Tripwire can help with keeping industry certifications and is a popular piece of software which can indicate compliance to systems security auditors.

There’s really not much more to say about so I’ll let you know how to get on your Ubuntu system.

apt install tripwire

The following guide details the installation process for Ubuntu 16.04 however it will work unaltered on Ubuntu 20.04. I’ve seen a few guides specifically for Ubuntu 20.04 but they are either just a link back to this page or a plagiarized copy and leave out many details that could have you scratching your head in frustration. If I were to have written a Tripwire installation guide this would be the one:

https://www.howtoforge.com/tutorial/how-to-monitor-and-detect-modified-files-using-tripwire-on-ubuntu-1604/

Below is a short list of essential commands for those that want to quickstart but I highly recommend going through the above referenced installation guide if you’ve never used Tripwire or need a memory refresh.

Initialize a tripwire database:

tripwire --init

Generate/Regenerate the encrypted policy file:

twadmin -m P /etc/tripwire/twpol.txt

Update tripwire database:

/usr/sbin/tripwire --update --twrfile /var/lib/tripwire/report/<report>.twr

Check the tripwire database for any changes:

tripwire –check

Please visit my Patreon page if you’re so inclined or make a donation. Or you can click the coffee cup in the bottom right corner of the screen and Buy Me A Coffee. Thank you!


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *