Comments on Monitoring and Detecting Modified Files using Tripwire on CentOS 7

Tripwire is a powerful IDS that protects your system against unwanted changes. You can use it to monitor your system files, including website files, so that when a file changes unexpectedly, Tripwire detects it during a check and, if set up correctly, can alert you by email.

Comments

By: BobbyBob

Thanks! The best tutorial around!

This is the part that was missing in other tutorials:

for f in $(grep "Filename:" no-directory.txt | cut -f2 -d:); do
    sed -i "s|\($f\) |#\\1|g" /etc/tripwire/twpol.txt
done
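
An added example, not part of the comment above or of the original tutorial: the sed pattern in that loop matches the path anywhere on a line and prepends another `#` on every run, so this variant comments out an entry only when the reported path is the first token of the policy line and the entry is not already commented. The function name `comment_missing` and the sample lines are constructed for illustration, and it assumes report lines of the form `Filename: <path>` and unquoted object paths in the policy.

```shell
#!/bin/sh
# comment_missing REPORT POLICY   (hypothetical helper name)
# Prefix '#' to each POLICY entry whose object path appears on a
# "Filename: <path>" line in REPORT. A path matches only as the first
# token of a line, so /usr/etc/x is untouched when /etc/x is listed,
# and already-commented entries are skipped (safe to run twice).
comment_missing() {
    report=$1
    policy=$2
    tmp=$(mktemp) || return 1
    awk '
        FILENAME == ARGV[1] {            # first file: collect reported paths
            if (sub(/^[ \t]*Filename:[ \t]*/, "")) {
                sub(/[ \t]+$/, "")       # drop trailing whitespace
                missing[$0] = 1
            }
            next
        }
        ($1 in missing) { sub(/[^ \t]/, "#&") }   # keep indentation, add "#"
        { print }
    ' "$report" "$policy" > "$tmp" &&
        cat "$tmp" > "$policy"           # rewrite in place, keep owner and mode
    status=$?
    rm -f "$tmp"
    return $status
}

# Constructed sample input (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '     Filename: /etc/rc.boot' \
                  '     Filename: /root/.esd_auth' > "$d/no-directory.txt"
    printf '%s\n' '     /etc/rc.boot        -> $(SEC_BIN) ;' \
                  '     /usr/etc/rc.boot    -> $(SEC_BIN) ;' \
                  '     /root/.esd_auth     -> $(SEC_CONFIG) ;' > "$d/twpol.txt"
    # The second run must leave the file unchanged.
    comment_missing "$d/no-directory.txt" "$d/twpol.txt" &&
        comment_missing "$d/no-directory.txt" "$d/twpol.txt" &&
        cat "$d/twpol.txt"
    rm -rf "$d"
}
demo
```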

By: K-Funk

Thank you so much for the time you took to put this tutorial together - by far, the most accurate and comprehensive guide I found on Tripwire for CentOS7.

Side note for non-Wordpress users, you can change the "Wordpress Ruleset" to the following and it works great:

# Ruleset for Website
 (
   rulename = "Website Data",
   severity= $(SIG_HI),
   emailto = [email protected]
 )
 {
         /home/(account)/public_html        -> $(SEC_CRIT);
 }

By: Jose Sanchez

I have this question.

Do we need a cronjob to update the database?

Logically I think that if we don't have a cronjob that does that, the same changes, new files, deleted files will always be sent to our email every day.