Install tripwire
apt-get update
apt-get install tripwire
apt-get install tripwire
Create initial policy
twadmin --create-polfile /etc/tripwire/twpol.txt
Initialise and capture errors in default config
tripwire --init
tripwire --check 2>&1 | grep Filename
tripwire --check 2>&1 | grep Filename
Fix errors in default config
Set up files and directories you want to watch
See https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps for sensible suggestions.
nano /etc/tripwire/twpol.txt
Rebuild policy and re-initialise
twadmin -m P /etc/tripwire/twpol.txt
tripwire --init
tripwire --init
Remove plaintext config
rm /etc/tripwire/twpol.txt
Set up crontab for daily check and email report
0 0 * * * tripwire --check | mail -s "Tripwire report for `uname -n`" [email protected]