TripWire-系统完整性检查工具

今晚看iptables的书的时候，看到TripWire，以前也看过。但是没怎么注意

正好做了一下实验

http://sourceforge.net/projects/tripwire/

下载安装

wget http://nchc.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.4.1.2-src.tar.bz2

tar xvf tripwire-2.4.1.2-src.tar.bz2

cd tripwire-2.4.1.2-src

./configure –prefix=/srv/tripwire && make && make install

初始化数据库

/srv/tripwire/sbin/tripwire -m i

检测某个软件的完整性

/srv/tripwire/sbin/tripwire -m c

e.g. sudo /srv/tripwire/sbin/tripwire -m c /bin/echo

Integrity checking objects specified on command line…

……..

Total objects scanned: 1

Total violations found: 0

……..

具体用法：

Database Initialization: tripwire [-m i

–init] [options]

Integrity Checking: tripwire [-m c

–check] [object1 [object2…]]

Database Update: tripwire [-m u

–update]

Policy Update: tripwire [-m p

–update-policy] policyfile.txt

Test: tripwire [-m t

–test] –email address