Revision as of 23:09, 5 March 2022

Overview

What is it?

Tripwire is an open-source program that monitors file integrity. It performs a check of the filesystem state against a known baseline state, and alerts on changes that are detected.

Tripwire can monitor file contents, but also permissions, ownership, or directories.

Installing

Tripwire is a bit of a pain to install in an automated way, because it wants to try and walk you through a few initial setup steps, one of which includes setting up a postgres mail server.

We cover automation strategies for installing Tripwire below.

Manual Installation

Install Tripwire using aptitude, since it is present in the official Debian repositories:

sudo apt-get -y update
sudo apt-get -y install tripwire

This will present several interactive prompts for the mulit-step setup process.

The steps are described on the Tripwire Readme: https://github.com/Tripwire/tripwire-open-source

This is fine for a one-off install, but annoying to automate.

Automated Installation

This SO answer gives some help, but this Unix SE answer is also needed. Here's the final incantation:

sudo DEBIAN_FRONTEND=noninteractive apt-get -y install tripwire

Flags

@@ Line 33: / Line 33: @@
 <pre>
-export DEBIAN_FRONTEND=noninteractive sudo -E apt-get -y install tripwire
+sudo DEBIAN_FRONTEND=noninteractive apt-get -y install tripwire
 </pre>
-The -E flag is needed so the environment variable (that is being defined for the regular user running sudo, not the root user) will be passed into the sudo command along with the rest of the user's environment variables.
 =Flags=
 {{KaliFlag}}

Tripwire: Difference between revisions

From charlesreid1