Questions tagged [tripwire]
Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.
21 questions
9 votes, 5 answers, 3k views
Web Server Security Overkill?
I've been doing "extensive" research on securing a Linux web server. On top of what is considered the "basics" (removing unused services, hardening ssh, iptables, etc.) is it wise to include anti-...
8 votes, 2 answers, 3k views
Should tripwire be entering /proc?
When initializing the db with tripwire --init it spat out a bunch of errors pertaining to /proc:
### Warning: File system error.
### Filename: /proc/16982/fd/4
### No such file or directory
### ...
6 votes, 3 answers, 3k views
Tripwire policy suggestions
I've set up tripwire on a Debian server, and the default policy had some strange settings.
#
# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev ...
4 votes, 4 answers, 5k views
For tripwire, how would I have the report e-mailed only when a violation is found
My ideal solution for tripwire reports would be:
Daily e-mails would only generate if a violation was found
Every Sunday, a report would be e-mailed regardless of whether a violation was found
I'm ...
4 votes, 4 answers, 21k views
Recommend alternative to tripwire?
Looking for a host-based IDS comparable to tripwire. Preferably one that allows centralized management. Right now I use tripwire and though it works, management and reporting through a central server ...
3 votes, 1 answer, 2k views
Tripwire: tripwire --update -Z low says Error: File could not be opened
When I scan my system with tripwire and try to update after with
tripwire --update -Z low
I get the error:
### Error: File could not be opened.
### Filename: /var/lib/tripwire/report/nesystem-...
3 votes, 1 answer, 1k views
Tripwire reporting a changed /dev/char
This was in a recent Tripwire report of a Debian Linux (virtual) server:
### Attr Observed (what it is) Expected (what it should be)
### =========== ============================= =====...
3 votes, 2 answers, 8k views
How do I send mail from Tripwire using SMTP?
I have just installed tripwire using Ubuntu repos and have gone into the configuration files and changed everything to what I want. When it comes to the options for SMTP mail method and the server and ...
2 votes, 4 answers, 2k views
Simple application level file integrity monitoring & Intrusion detection (IDS)
We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a ...
2 votes, 1 answer, 350 views
Server auto update with tripwire IDS
I have an Ubuntu server with weekly auto update/upgrade and tripwire installed.
The problem is that the auto update kind of makes tripwire useless as changes always occur on my server. Therefore I ...
1 vote, 1 answer, 88 views
Investigating Tripwire report - 172 files added to "/proc/sys/net/" [closed]
Tripwire reported 172 files added to various sub-folders at "/proc/sys/net/ipv4" and "/proc/sys/net/ipv6".
How can I investigate this?
I'm running an Ubuntu 14 VPS.
1 vote, 1 answer, 475 views
remove postfix without removing tripwire (Ubuntu 15.10)
I installed tripwire and by mistake asked it to install postfix. How can I remove postfix and not lose tripwire?
root@blah:~# apt-get remove postfix
Reading package lists... Done
Building ...
1 vote, 0 answers, 82 views
Getting Tripwire to stop complaining about apt upgrades
We use tripwire on Ubuntu servers to monitor integrity of key files. We regularly update packages with apt and end up with noise from tripwire because staff find it is a hassle to update tripwire with ...
1 vote, 1 answer, 177 views
Tripwire help Required
I have created the policy file in Tripwire and also I have created the rules as well mentioned below:
/opt/jboss/server/gis/conf -> $(SEC_CONFIG) +aipm +c+g+a+i+s+t+u+l+M;
/usr/local/gtech/...
0 votes, 1 answer, 346 views
Building Tripwire RPM on CentOS6
I have been unable to locate a pre-built RPM for Tripwire on CentOS6.
I have tried installing the one from CentOS5, as well as a couple of later Fedora RPMs, but all fail on a dependency on libcrypto....
0 votes, 1 answer, 231 views
What is the proper way to configure Tripwire to handle automatic log rotations?
I installed tripwire by following this online documentation on a fresh Ubuntu 22.x server. I followed the above documentation exactly and did not add any custom mods to either the cfg or the pol ...
0 votes, 0 answers, 112 views
Understanding Tripwire Logs
I'm new to the world of managing my own web server so have been trying to keep up with the best conventions.
Tripwire is set to run every day and the findings are e-mailed to me. To be honest, when ...
0 votes, 0 answers, 276 views
Many violations in Tripwire
I installed Tripwire yesterday (I'm new to Tripwire) on my new VPS (created two days ago). I've followed the steps of this tutorial to set up Tripwire and all worked fine and my report didn't have ...
0 votes, 1 answer, 205 views
Tripwire skipping files?
TL;DR:
Question: how do I configure Tripwire to watch EVERYTHING that is below a certain path? My current config seems to only be looking at certain files / directories in a given path instead of ...
0 votes, 1 answer, 290 views
Too Many HTTP Requests from one source
We are having an issue at one of our customer sites where Tripwire is flagging events when more than 1000 HTTP connections are being individually created from different IP addresses within a span of ...
0 votes, 0 answers, 101 views
Tripwire taking forever to accept report (Tripwire not accepting report)
I have a problem
It's been a while since I ran Tripwire. (One Year)
I'm able to make a report. (Takes about 1h30)
But when I run the command to accept the file, it just runs and runs and runs, ...