Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.
Questions tagged [tripwire]
20 questions
9 votes, 5 answers
Web Server Security Overkill?
I've been doing "extensive" research on securing a Linux web server. On top of what is considered the "basics" (removing unused services, hardening ssh, iptables, etc.) is it wise to include anti-rootkits (Tripwire) and an anti-virus (ClamAV)? Are…
Aaron
7 votes, 2 answers
Should tripwire be entering /proc?
When initializing the db with tripwire --init it spat out a bunch of errors pertaining to /proc:
### Warning: File system error.
### Filename: /proc/16982/fd/4
### No such file or directory
### Continuing...
### Warning: File system error.
###…
dsadinoff
6 votes, 3 answers
Tripwire policy suggestions
I've set up tripwire on a Debian server, and the default policy had some strange settings.
#
# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev -> $(Device) ;
# /proc ->…
Slartibartfast
4 votes, 4 answers
For tripwire, how would I have the report e-mailed only when a violation is found
My ideal solution for tripwire reports would be:
Daily e-mails would only generate if a violation was found
Every Sunday, a report would be e-mailed regardless of whether a violation was found
I'm also interested in the opinions of SF'ers about…
Belmin Fernandez
4 votes, 4 answers
Recommend alternative to tripwire?
Looking for a host-based IDS comparable to tripwire. Preferably one that allows centralized management. Right now I use tripwire and though it works, management and reporting through a central server would be ideal. I'm looking for recommendations…
CarpeNoctem
3 votes, 1 answer
Tripwire reporting a changed /dev/char
This was in a recent Tripwire report of a Debian Linux (virtual) server:
### Attr Observed (what it is) Expected (what it should be)
### =========== ============================= =============================
/dev/char/253:0
md5…
user35042
3 votes, 1 answer
Tripwire: tripwire --update -Z low says Error: File could not be opened
When I scan my system with tripwire and try to update after with
tripwire --update -Z low
I get the error:
### Error: File could not be opened.
### Filename: /var/lib/tripwire/report/nesystem-20101217-212722.twr
### No such file or directory
###…
NES
3 votes, 2 answers
How do I send mail from Tripwire using SMTP?
I have just installed tripwire using Ubuntu repos and have gone into the configuration files and changed everything to what I want. When it comes to the options for SMTP mail method and the server and port to use, I am stumped. When I run the test…
ThomasG33K
2 votes, 1 answer
Server auto update with tripwire IDS
I have an Ubuntu server with weekly auto update/upgrade and tripwire installed.
The problem is that the auto update kind of makes tripwire useless as changes always occur on my server. Therefore I constantly have violations flagged by tripwire.
If…
Cyrus
2 votes, 4 answers
Simple application level file integrity monitoring & Intrusion detection (IDS)
We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a pretty good job at that.
We have looked at…
Dev
1 vote, 1 answer
remove postfix without removing tripwire (Ubuntu 15.10)
I installed tripwire and by mistake asked it to install postfix. How can I remove postfix and not lose tripwire?
root@blah:~# apt-get remove postfix
Reading package lists... Done
Building dependency tree
Reading state information...…
user584583
1 vote, 1 answer
Investigating Tripwire report - 172 files added to "/proc/sys/net/"
Tripwire reported 172 files added to various sub-folders at "/proc/sys/net/ipv4" and "/proc/sys/net/ipv6".
How can I investigate this?
I'm running an Ubuntu 14 VPS.
Paulo Perez
1 vote, 1 answer
Tripwire help Required
I have created the policy file in Tripwire, and I have also created the rules mentioned below:
/opt/jboss/server/gis/conf -> $(SEC_CONFIG) +aipm +c+g+a+i+s+t+u+l+M;
/usr/local/gtech/eseries/ -> $(SEC_CONFIG) +a+c+g+i+s+t+u+l+M ;
After…
ramaperumal
1 vote, 0 answers
Getting Tripwire to stop complaining about apt upgrades
We use tripwire on Ubuntu servers to monitor integrity of key files. We regularly update packages with apt and end up with noise from tripwire because staff find it is a hassle to update tripwire with knowledge of approved changes we have made.
Is…
Joe Murray
0 votes, 0 answers
Many violations in Tripwire
I installed Tripwire yesterday (I'm new to Tripwire) in my new VPS (created two days ago). I've followed the steps of this tutorial to set up Tripwire and all worked fine, and my report didn't have any violations or errors.
Today, I run tripwire…
user3753202