Tripwire: Difference between revisions
From charlesreid1
| Line 9: | Line 9: | ||
==Installing== | ==Installing== | ||
Tripwire is a bit of a pain to install, | Tripwire is a bit of a pain to install in an automated way, because it wants to try and walk you through a few initial setup steps, one of which includes setting up a postgres mail server. | ||
We cover automation strategies for installing Tripwire below. | |||
===Manual Installation=== | |||
Install Tripwire using aptitude, since it is present in the official Debian repositories: | |||
<pre> | <pre> | ||
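Review bot: The expanded Installing paragraph describes one setup step as "setting up a postgres mail server", but Postgres is a database, not a mail server; name the mail transfer agent that is actually meant (likely Postfix). The new Manual Installation sentence also says "using aptitude" while the automated command later in this revision uses apt-get, so the wording should match the tool shown.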
| Line 19: | Line 22: | ||
</pre> | </pre> | ||
This will present several interactive prompts for the mulit-step setup process. | |||
The steps are described on the Tripwire Readme: https://github.com/Tripwire/tripwire-open-source | |||
This is fine for a one-off install, but annoying to automate. | |||
===Automated Installation=== | |||
[https://stackoverflow.com/a/38419752 This SO answer] gives some help, but [https://unix.stackexchange.com/a/337820 this Unix SE answer] is also needed. Here's the final incantation: | |||
<pre> | |||
export DEBIAN_FRONTEND=noninteractive sudo -E apt-get -y install tripwire | |||
</pre> | |||
The -E flag is needed so the environment variable (that is being defined for the regular user running sudo, not the root user) will be passed into the sudo command along with the rest of the user's environment variables. | |||
=Flags= | =Flags= | ||
{{KaliFlag}} | {{KaliFlag}} | ||
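Review bot: In the new pre block under Automated Installation, the export and the sudo command sit on a single line, so the shell would hand sudo, -E and the rest to export as arguments instead of running apt-get; put the two commands on separate lines or join them with &&. The sentence after the manual install block also has a typo, "mulit-step", which should read "multi-step".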
Revision as of 23:07, 5 March 2022
Overview
What is it?
Tripwire is an open-source program that monitors file integrity. It performs a check of the filesystem state against a known baseline state, and alerts on changes that are detected.
Tripwire can monitor file contents, but also permissions, ownership, or directories.
Installing
Tripwire is a bit of a pain to install in an automated way, because it wants to try and walk you through a few initial setup steps, one of which includes setting up a postgres mail server.
We cover automation strategies for installing Tripwire below.
Manual Installation
Install Tripwire using aptitude, since it is present in the official Debian repositories:
sudo apt-get -y update
sudo apt-get -y install tripwire
This will present several interactive prompts for the multi-step setup process.
The steps are described on the Tripwire Readme: https://github.com/Tripwire/tripwire-open-source
This is fine for a one-off install, but annoying to automate.
Automated Installation
This SO answer (https://stackoverflow.com/a/38419752) gives some help, but this Unix SE answer (https://unix.stackexchange.com/a/337820) is also needed. Here's the final incantation:
export DEBIAN_FRONTEND=noninteractive
sudo -E apt-get -y install tripwire
The -E flag is needed so the environment variable (that is being defined for the regular user running sudo, not the root user) will be passed into the sudo command along with the rest of the user's environment variables.
Flags