5. Securing Tripwire for Linux

It is important to make sure that the integrity of the system you are running has not already been compromised. For maximum confidence in your baseline database, you should generate operating system and application files from a clean installation and original media. It is also recommended that you delete the plain text copy of the Tripwire configuration file, twcfg.txt, located under the /usr/bin directory, to hide the location of Tripwire's files and prevent anyone from creating a second, or alternate, configuration file from it. To delete the plain text copy of the Tripwire configuration file, use the following command:

           [root@deep] /# rm -f /usr/bin/twcfg.txt

For more details, there are several man pages you can read:

- signature gathering routine for Tripwire
- a file integrity checker for UNIX systems
- Tripwire administrative and utility tool
- Tripwire configuration file reference
- overview of files used by Tripwire and file backup process
- introduction to Tripwire software
- Tripwire policy file reference
- Tripwire database and report printer

5.1. Often Used Commands

The commands listed below are some that we use often in regular use, but many more exist; check the man page for more details. Creating the database for the first time: once your policy file has been installed, it is time to build and initialize your database of file system objects, based on the rules from your policy file. This database will serve as the baseline for later integrity checks.

The syntax for Database Initialization mode is:

           [root@deep] /# tripwire --init

To initialize your database file, use the following command:

           [root@deep] /# tripwire --init

           Please enter your local passphrase:
           Parsing policy file: /usr/TSS/policy/tw.pol
           Generating the database...
           *** Processing Unix File System ***
           Wrote database file: /usr/TSS/db/deep.openna.com.twd
           The database was successfully generated.

When this command has executed, the database is ready and you can check system integrity and review the report file.
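The following shell function is an added example, not part of the HOWTO or of Tripwire itself. It audits the end state this section describes: the plain text twcfg.txt has been removed from /usr/bin, the policy file /usr/TSS/policy/tw.pol is in place, and a baseline database (*.twd) exists under /usr/TSS/db with owner-only permissions. The ROOT prefix argument is an assumption added so the check can be run against a staging tree; on a live system call it with an empty prefix.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit the post-install state that this
# section asks for. $1 is a root prefix (use "" on a live system). Returns the
# number of failed checks, so 0 means the installation looks sane.
tripwire_audit() {
    root="$1"
    failures=0

    # 1. The plain text configuration copy must be gone (the rm -f above).
    if [ -e "$root/usr/bin/twcfg.txt" ]; then
        echo "FAIL: plain text config still present: $root/usr/bin/twcfg.txt"
        failures=$((failures + 1))
    fi

    # 2. The signed policy file that 'tripwire --init' parses must exist.
    if [ ! -f "$root/usr/TSS/policy/tw.pol" ]; then
        echo "FAIL: policy file missing: $root/usr/TSS/policy/tw.pol"
        failures=$((failures + 1))
    fi

    # 3. A baseline database must exist and be readable only by its owner,
    #    since it is the reference for every later integrity check.
    found_db=0
    for db in "$root"/usr/TSS/db/*.twd; do
        [ -f "$db" ] || continue
        found_db=1
        # GNU stat first, BSD stat as fallback.
        mode=$(stat -c %a "$db" 2>/dev/null || stat -f %Lp "$db" 2>/dev/null)
        case "$mode" in
            600|400) ;;
            *) echo "FAIL: $db has mode $mode, expected 600"
               failures=$((failures + 1)) ;;
        esac
    done
    if [ "$found_db" -eq 0 ]; then
        echo "FAIL: no baseline database under $root/usr/TSS/db (run 'tripwire --init')"
        failures=$((failures + 1))
    fi

    [ "$failures" -eq 0 ] && echo "OK: Tripwire installation looks sane under '$root'"
    return "$failures"
}
```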