Intrusion detection with Tripwire
Tripwire is a host-based intrusion detection system (HIDS). It collects configuration and filesystem details and uses them as a reference point for comparing the previous state of a system with its current state. The comparison shows which files or directories were added or modified recently, who changed them, what changes were made, and when the changes took place.
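The baseline-and-compare idea described above, as an added sketch in Python (not Tripwire's own code and not part of the original chapter): it records a hash, mode, owner and size for each file, then reports what was added, removed or changed. The function names and the sample files are constructed for illustration, and unlike Tripwire the sketch does not protect its baseline with site and local keys.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record hash, mode, owner and size for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # this sketch ignores symlinks, sockets and devices
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            baseline[os.path.relpath(path, root)] = {
                "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    return baseline


def compare(old, new):
    """Return (added, removed, changed); changed maps path -> differing attributes."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for path in sorted(set(old) & set(new)):
        diff = sorted(k for k in old[path] if old[path][k] != new[path][k])
        if diff:
            changed[path] = diff
    return added, removed, changed


def demo():
    """Constructed sample tree: take a baseline, alter the tree, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in (("sshd_config", b"PermitRootLogin no\n"),
                           ("motd", b"hello\n"), ("hosts", b"127.0.0.1 localhost\n")):
            (root / name).write_bytes(body)
        (root / "motd").chmod(0o600)
        before = snapshot(root)
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes\n")  # content edit
        (root / "motd").chmod(0o644)                                   # mode change only
        (root / "hosts").unlink()                                      # file removed
        (root / "new.sh").write_bytes(b"#!/bin/sh\n")                  # file added
        return compare(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A permission change with identical content is reported under "mode" alone, which is why an integrity checker tracks file metadata as well as hashes.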
As discussed in a previous chapter, you will need access to the EPEL repository in order to get Tripwire. When you are ready, it can be installed like this:
# yum install tripwire
To begin using Tripwire, you will need to create the appropriate local and site keys with the following command:
# tripwire-setup-keyfiles
When prompted, add a passphrase for both the site and local key file. Tripwire will advise you to use a combination of uppercase and lowercase letters, digits, and punctuation marks and, when complete, you will be asked to sign the configuration...