Full Version: Tripwire Question
jd_waverly
I have recently been tweaking the Tripwire installation on my server. I'm trying to set it so that it runs hourly through crontab and ONLY sends me an email IF it detects violations.

So far I've tried the following.

In /etc/tripwire/twcfg.txt I've set

MAILNOVIOLATIONS =false
EMAILREPORTLEVEL =1

I've also changed the tripwire-check script so the command line to launch the check is:

tripwire --check --quiet

In spite of all of this I still get hourly 2-page emails reporting no violations.

Any clue as to what I'm doing wrong?
jd_waverly
I figured out how to do this. I now have Tripwire running hourly with Cron but I only get emails if it detects a problem.



If anyone else is interested in the details please post request here.
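
Added example, not part of the thread and not jd_waverly's solution: one way to get "mail only on violations" from cron is to ignore Tripwire's own mail settings and let a wrapper decide from the exit status of the check. It assumes the check-mode exit status documented in tripwire(8) and a mail(1) that accepts -s; TRIPWIRE_CMD, MAIL_CMD, MAIL_TO, the --run switch and the script path are names made up for this sketch.

```sh
#!/bin/sh
# Added example, not from the thread: cron wrapper that mails the Tripwire
# report only when the check exits non-zero.
# Assumed names (not Tripwire's): TRIPWIRE_CMD, MAIL_CMD, MAIL_TO, --run.
TRIPWIRE_CMD="${TRIPWIRE_CMD:-tripwire --check}"
MAIL_CMD="${MAIL_CMD:-mail}"
MAIL_TO="${MAIL_TO:-root}"

# Turn the exit status into a subject-line summary. tripwire(8) documents
# the check-mode status as a bitmask: 1 added, 2 removed, 4 modified, 8 error.
describe_status() {
    s=$1
    out=""
    if [ "$s" -gt 15 ]; then
        # Outside the bitmask (e.g. 127 = command not found): check never ran.
        echo "check did not run (exit $s)"
        return 0
    fi
    if [ $((s & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((s & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((s & 4)) -ne 0 ]; then out="$out modified"; fi
    if [ $((s & 8)) -ne 0 ]; then out="$out error"; fi
    echo "${out# }"
}

# Run one check; stay silent on status 0, mail the full report otherwise.
run_check() {
    report=$(mktemp) || return 8
    status=0
    $TRIPWIRE_CMD >"$report" 2>&1 || status=$?
    if [ "$status" -ne 0 ]; then
        $MAIL_CMD -s "Tripwire $(uname -n): $(describe_status "$status")" \
            "$MAIL_TO" <"$report"
    fi
    rm -f "$report"
    return "$status"
}

# Hypothetical crontab entry:
#   0 * * * * /usr/local/sbin/tripwire-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    run_check
    exit $?
fi
```

Because a failed or missing tripwire binary also exits non-zero, a broken check produces mail instead of silence, which is the failure mode to watch for with "quiet unless violations" monitoring.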
REBIS
JD,

Yes, I'm very interested in doing this myself. Btw, are you also running Bastille? Any conflicts between the two?

Thanks,

--Reb
jd_waverly
I'm running the Shorewall firewall instead of Bastille's. I think it's more robust, easier to tweak and comes with monitoring tools to track the IP addresses that are scanning you.

Recommended:
http://shorewall.net/

I did run the Bastille security script though.

The Tripwire config needs to be tweaked anyway on the system to ignore a lot of missing files.

If I get a chance I'll post a HOWTO.
REBIS
Thanks, JD. Will check this out ASAP!

--Reb
whatgives
What do firewalls have to do with Tripwire?

Tripwire, from what I understand, is a check to see if files have been changed.