Running Tripwire in Database Update Mode, combined with the tripwire.verify script file that mails the results to the system administrator, reduces the time spent scanning the system. Instead of running Tripwire in Interactive Checking Mode and waiting for the long scan to finish, the tripwire.verify script scans the system and reports the result by mail; you then run Tripwire in Database Update Mode and update only the single files or directories that have changed.
Example 18.1. Usage of Tripwire
If a single file has changed, you can:
[root@deep] /# tripwire -update /etc/newly.installed.file
Or, if an entire set of files or directories has changed, you can run:
[root@deep] /# tripwire -update /usr/lib/Package_Dir
In either case, Tripwire regenerates the database entries for every specified file. A backup of the old database is created in the ./databases directory.
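The update behaviour described above (regenerate only the entries for the named files or directories, and keep a backup of the old database) is sketched here as an added shell example. It is not Tripwire code or part of the original text; the function names and the sha256sum-based database format are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added illustration, not Tripwire code: hypothetical helpers that keep a
# "sha256  path" line per file (sha256sum output) as the integrity database.
# Assumes file names without newlines or backslashes.

# Hash every regular file under the given roots, sorted by path.
snapshot() {
  local r
  for r in "$@"; do
    if [ -e "$r" ]; then find "$r" -type f -exec sha256sum {} +; fi
  done | LC_ALL=C sort -k 2
}

# Print the database minus every entry that is a root or lies below one.
drop_roots() {   # usage: drop_roots DB ROOT...
  local db="$1"; shift
  ROOTS=$(printf '%s\n' "$@") awk '
    BEGIN { n = split(ENVIRON["ROOTS"], r, "\n")
            for (i = 1; i <= n; i++) sub(/\/$/, "", r[i]) }
    { p = substr($0, 67)      # path follows 64 hex digits and two spaces
      for (i = 1; i <= n; i++)
        if (p == r[i] || index(p, r[i] "/") == 1) next
      print }' "$db"
}

# Build the initial database; run once on a system known to be clean.
db_init() {      # usage: db_init DB ROOT...
  local db="$1"; shift
  snapshot "$@" > "$db"
}

# Compare disk against the database; pass the same roots as db_init.
db_check() {     # usage: db_check DB ROOT...
  local db="$1"; shift
  snapshot "$@" | awk -v db="$db" '
    { h = substr($0, 1, 64); p = substr($0, 67) }
    FILENAME == db { old[p] = h; next }
    !(p in old)    { print "added   " p; next }
    { if (old[p] != h) print "changed " p; delete old[p] }
    END { for (p in old) print "removed " p }' "$db" -
}

# Back up the old database, then regenerate only the entries for the given
# files or directories; all other entries are carried over unchanged.
db_update() {    # usage: db_update DB ROOT...
  local db="$1"; shift
  cp -p "$db" "$db.bak"
  { drop_roots "$db.bak" "$@"; snapshot "$@"; } | LC_ALL=C sort -k 2 > "$db"
}
```

After db_update on one path, db_check still reports every other difference, so unreviewed changes elsewhere are not silently accepted into the database.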
These are some possible uses of the Tripwire software:
Check the integrity of your file system.
Get a list of newly installed or removed files on your system.
These are the files installed by the Tripwire ASR software on your system:
/etc/cron.daily/tripwire.verify
/etc/tw.config
/usr/man/man5/tw.config.5
/usr/man/man8/siggen.8
/usr/man/man8/tripwire.8
/usr/sbin/tripwire
/usr/sbin/siggen
/var/spool/tripwire
/var/spool/tripwire/tw.db_TEST
These are some of the alternatives to Tripwire:
ViperDB Homepage: http://www.resentment.org/projects/viperdb/
FCHECK Homepage: http://sites.netscape.net/fcheck/fcheck.html
Sentinel Homepage: http://zurk.netpedia.net/zfile.html