Skip to main content

Questions tagged [tripwire]

Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.

Filter by
Sorted by
Tagged with
9 votes
5 answers
3k views

Web Server Security Overkill?

I've been doing "extensive" research on securing a linux web server. On top of what is considered the "basics" (removing unused services, hardening ssh, iptables, etc.) is it wise to include anti-...
Aaron's user avatar
  • 91
8 votes
2 answers
3k views

Should tripwire be entering /proc?

When initializing the db with tripwire --init it spat out a bunch of errors pertaining to /proc: ### Warning: File system error. ### Filename: /proc/16982/fd/4 ### No such file or directory ### ...
dsadinoff's user avatar
  • 275
6 votes
3 answers
3k views

Tripwire policy suggestions

I've setup tripwire on a debian server, and default policy had some strange settings. # # Critical devices # ( rulename = "Devices & Kernel information", severity = $(SIG_HI), ) { /dev ...
Slartibartfast's user avatar
4 votes
4 answers
5k views

For tripwire, how would I have the report e-mailed only when a violation is found

My ideal solution for tripwire reports would be: Daily e-mails would only generate if a violation was found Every Sunday, a report would be e-mailed regardless of whether a violation was found I'm ...
Belmin Fernandez's user avatar
4 votes
4 answers
21k views

Recommend alternative to tripwire?

Looking for a host-based IDS comparable to tripwire. Preferably one that allows centralized management. Right now I use tripwire and though it works management and reporting through a central server ...
CarpeNoctem's user avatar
  • 2,457
3 votes
1 answer
2k views

Tripwire: tripwire --update -Z low says Error: File could not be opened

When i scan my system with tripwire and try to update after with tripwire --update -Z low i get the error: ### Error: File could not be opened. ### Filename: /var/lib/tripwire/report/nesystem-...
NES's user avatar
  • 215
3 votes
1 answer
1k views

Tripwire reporting a changed /dev/char

This was in a recent Tripwire report of a Debian Linux (virtual) server: ### Attr Observed (what it is) Expected (what it should be) ### =========== ============================= =====...
user35042's user avatar
  • 2,721
3 votes
2 answers
8k views

How do I send mail from Tripwire using SMTP?

I have just installed tripwire using Ubuntu repos and have gone into the configuration files and changed everything to what I want. When in comes to the options for SMTP mail method and the server and ...
user avatar
2 votes
4 answers
2k views

Simple application level file integrity monitoring & Intrusion detection (IDS)

We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a ...
Dev's user avatar
  • 21
2 votes
1 answer
350 views

Server auto update with tripwire IDS

I have a ubuntu server with weekly auto update/upgrade and tripwire installed. The problem is that the auto update kind of makes tripwire useless as changes always occur on my server. Therefore I ...
Cyrus's user avatar
  • 29
1 vote
1 answer
88 views

Investigating Tripwire report - 172 files added to "/proc/sys/net/" [closed]

Tripwire reported 172 files added to various sub-folders at "/proc/sys/net/ipv4" and "/proc/sys/net/ipv6". How can i investigate this? I'm running an Ubuntu 14 vps.
Paulo Perez's user avatar
1 vote
1 answer
475 views

remove postfix without removing tripwire (Ubuntu 15.10)

I installed tripwire and by mistake asked it to install postfix. How can I remove postfix and not lose tripwire? root@blah:~# apt-get remove postfix Reading package lists... Done Building ...
user584583's user avatar
1 vote
0 answers
82 views

Getting Tripwire to stop complaining about apt upgrades

We use tripwire on Ubuntu servers to monitor integrity of key files. We regularly update packages with apt and end up with noise from tripwire because staff find it is a hassle to update tripwire with ...
Joe Murray's user avatar
1 vote
1 answer
177 views

Tripwire help Required

I have created the policy file in Tripwire and also I have created the rules as well mentioned below: /opt/jboss/server/gis/conf -> $(SEC_CONFIG) +aipm +c+g+a+i+s+t+u+l+M; /usr/local/gtech/...
ramaperumal's user avatar
0 votes
1 answer
346 views

Building Tripwire RPM on CentOS6

I have been unable to locate a pre-built RPM for Tripwire on CentOS6. I have tried installing the one from CentOS5, as well as a couple of later Fedora RPMs, but all fail on a dependency on libcrypto....
Ex Umbris's user avatar
  • 864
0 votes
1 answer
231 views

What is the proper way to configure Tripwire to handle automatic log rotations?

I installed tripwire by following this online documentation on a fresh ubuntu 22.x server. I followed the above documentation exactly and did not add any custom mods to either the cfg or the pol ...
Chris Pappalardo's user avatar
0 votes
0 answers
112 views

Understanding Tripwire Logs

I'm new to the world of managing my own web server so have been trying to keep up with the best conventions. Tripwire is set to run every day and the findings are e-mailed to me. To be honest, when ...
nick's user avatar
  • 11
0 votes
0 answers
276 views

Many violations in Tripwire

I've installed Tripwire yesterday (I'm new to Tripwire) in my new VPS (created two days ago). I've followed the steps of this tutorial to setup Tripwire and all worked fine and my report doesn't had ...
user3753202's user avatar
0 votes
1 answer
205 views

Tripwire skipping files?

TL;DR: Question: how do I configure Tripwire to watch EVERYTHING that is below a certain path? My current config seems to only be looking at certain files / directories in a given path instead of ...
DrDamnit's user avatar
  • 348
0 votes
1 answer
290 views

Too Many HTTP Requests from one source

We are having an issue at one of our customer sites where Tripwire is flagging events when more than 1000 HTTP connections are being individually created from different IP addresses within a span of ...
Porter Leblanc's user avatar
0 votes
0 answers
101 views

Tripwire taking forever to accept report (Tripwire not accepting report)

I have a problem It's been a while since I ran Tripwire. (One Year) I'm able to make a report. (Takes about 1h30) But when I run the command to accept the file, it just runs and runs and runs, ...
Mallow's user avatar
  • 144