1. Install, Compile and Optimize

Tripwire is a file and directory integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against system files on a regular basis, any changes in critical system files will be spotted -- and appropriate damage control measures can be taken immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain free of unauthorized modifications if Tripwire reports no changes.

These installation instructions assume:

These are the package(s) required and Tripwire Homepage:


You must be sure to download: Tripwire-1.3.1-1.tar.gz

You need to decompress the Tarballs, It is a good idea to make a list of files on the system before you install it, and one afterwards, and then compare them using diff to find out what file it placed where. Simply run find /* > Tripwire1 before and find /* > Tripwire2 after you install the tarball, and use diff Tripwire1 Tripwire2 > Tripwire-Installed to get a list of what changed.

          [root@deep] /# cp Tripwire-version.tar.gz /var/tmp
          [root@deep] /# cd /var/tmp
          [root@deep ]/tmp# tar xzpf Tripwire-version.tar.gz

Move into the new Tripwire directory and Edit the utils.c file (vi +462 src/utils.c) and change the line:

          else if (iscntrl(*pcin)) {

To read:

          else if (!(*pcin & 0x80) && iscntrl(*pcin)) {

Edit the config.parse.c file, vi +356 src/config.parse.c and change the line:


To read:

          else {

Edit the config.h file, vi +106 include/config.h and change the line:

          #define CONFIG_PATH     "/usr/local/bin/tw"
          #define DATABASE_PATH   "/var/tripwire"

To read:

          #define CONFIG_PATH     "/etc"
          #define DATABASE_PATH   "/var/spool/tripwire"

Edit the config.h file, vi +165 include/config.h and change the line:

          #define TEMPFILE_TEMPLATE "/tmp/twzXXXXXX"

To read:

          #define TEMPFILE_TEMPLATE "/var/tmp/.twzXXXXXX"

Edit the config.pre.y file vi +66 src/config.pre.y and change the line:

          #ifdef TW_LINUX

To read:

          #ifdef TW_LINUX_UNDEF

Edit the Makefile, vi +13 Makefile and change the line:

          DESTDIR = /usr/local/bin/tw

To read:

          DESTDIR = /usr/sbin

          DATADIR = /var/tripwire

To read:

          DATADIR = /var/spool/tripwire

          LEX     = lex

To read:

          LEX     = flex


To read:


          CFLAGS = -O

To read:

          CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions

          [root@deep ]/tw_ASR_1.3.1_src# make
          [root@deep ]/tw_ASR_1.3.1_src# make install

          [root@deep ]/tw_ASR_1.3.1_src# chmod 700  /var/spool/tripwire/
          [root@deep ]/tw_ASR_1.3.1_src# chmod 500 /usr/sbin/tripwire
          [root@deep ]/tw_ASR_1.3.1_src# chmod 500 /usr/sbin/siggen
          [root@deep ]/tw_ASR_1.3.1_src# rm -f  /usr/sbin/tw.config

Do Cleanup later:

          [root@deep] /# cd /var/tmp
          [root@deep ]/tmp# rm -rf tw_ASR_version/ Tripwire-version.tar.gz

The rm command as used above will remove all the source files we have used to compile and install Tripwire. It will also remove the Tripwire compressed archive from the /var/tmp directory.