On Thu, 2005-09-29 at 14:34, Hahnel William J (CI) wrote: > I'm looking for a mechanism to monitor the integrity of critical files > on my FC4 servers. I understand Tripwire is the application to do it > but I am having no success getting it set up. I downloaded the source > from SourceForge but can not follow how to set it up. I could not > locate an RPM for the application. > > Any help getting something set up would be greatly appreciated. > > Thanks! > > Bill Hahnel > CI National Operations Center You should find a tripwire rpm in the extras repository for Fedora. Note: the setup script is now located in /usr/sbin/tripwire-setup-keyfiles. It explains this in one of the readme files that comes with the rpm. That file will setup the key files for your system. You will need to edit the policy file to get things configured the way you want and to eliminate items which are not installed on your system or which you don't want to monitor. Then run through the normal steps for setting up the database and running the report. One alternative to tripwire is AIDE. The last time I looked at it though it seemed to be immature and not quite ready. It did not sign the policy or database files which means to setup this up in a secure manner you would have to arrange to keep those files off line or on read only media. I personally prefer tripwire. I always found this RedHat documentation to be useful when setting up or updating tripwire: http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/ch-tripwire.html The only real change from those docs to now is the initialization script which is /usr/sbin/tripwire-setup-keyfiles now. I also came across this posting. I have not tried this script but if it does what it claims it could be very useful. As always I would recommend you manually check the policy file to make sure it is monitoring the files you want on your system. http://moongroup.com/pipermail/shell.scripting/2004-March/000849.html If you use that script and it works let us know.