How to Install and Use Tripwire on Debian 11

Hello, friends. In this post, you will learn how to install and use Tripwire on Debian 11. This intrusion detection system is a vital tool for many sysadmins.

What is Tripwire?

Tripwire is an intrusion detection system that will help us to further improve server security.

To accomplish this, Tripwire keeps a database describing the state of critical system files and checks those files against it. It then produces reports when they have been modified or deleted by a hacker. In short, it scans sensitive files for changes.

Fortunately, Tripwire is an open-source tool with outstanding Linux support. This means that the installation process will be easy to do.

Let’s go for it.

Installing Tripwire on Debian 11

Tripwire is present in the official Debian repositories. So, it is a good idea to use them to perform the installation.

sudo apt update
sudo apt install tripwire
1.- Install Tripwire on Debian 11

During the installation process, you will be presented with several configuration screens. In them, you will have to configure Postfix, and you will be asked to set a site passphrase.

2.- Site passphrase

You will then have to set a second passphrase, this time for the local key.

3.- Local key passphrase

Then, when the installation process is finished, you will see the following screen.

4.- Tripwire installed

Tripwire is now installed, and you are ready to use it.

Using Tripwire in Debian 11

Once Tripwire is installed, we need to put it to use. The first step is to initialize the database, which Tripwire stores in encrypted form.

sudo tripwire -m i
5.- Tripwire running

Once the database is initialized, we need to run a system-wide scan to get Tripwire up and running.

To do this, run:

sudo tripwire -m c 
Tripwire on Debian 11

Another important option is to run Tripwire in interactive mode with the -I option.

sudo tripwire -m c -I

Scheduling a scan with Crontab and Tripwire

To get the most out of Tripwire, you need to schedule a periodic system scan. An example crontab entry might be:

55 03 * * * /usr/sbin/tripwire -m c 

In this case, Tripwire will run every day at 03:55 AM. Tripwire needs root privileges, so the entry belongs in root's crontab. Add it in the editor that opens after executing:

sudo crontab -e

That’s how easy it is to schedule this task.
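
An added example, not part of the original post: a wrapper the cron entry above could call instead of running tripwire directly, so each scheduled check leaves one syslog line saying whether files were added, removed or modified. The function names, the tripwire-cron tag and the script path are hypothetical; the exit-status bit values are taken from tripwire(8) and should be checked against your installed version.

```shell
#!/bin/sh
# Cron wrapper for "tripwire -m c" (added example; not from the original post).
# Bit values below follow the exit-status section of tripwire(8); confirm
# them against the man page of your installed version.

# Turn an integrity-check exit status into a readable summary.
describe_status() {
    status=$1
    [ "$status" -eq 0 ] && { echo "clean"; return 0; }
    # Anything above the four documented bits (e.g. 127 = command not
    # found, or death by signal) means the job itself failed.
    [ "$status" -gt 15 ] && { echo "check-failed($status)"; return 0; }
    out=""
    [ $((status & 1)) -ne 0 ] && out="$out added"
    [ $((status & 2)) -ne 0 ] && out="$out removed"
    [ $((status & 4)) -ne 0 ] && out="$out modified"
    [ $((status & 8)) -ne 0 ] && out="$out error"
    echo "${out# }" | tr ' ' ','
}

# Map the status to a syslog priority so alerting can key on it.
status_priority() {
    case "$(describe_status "$1")" in
        clean)                  echo "auth.info" ;;
        check-failed*|*error*)  echo "auth.err" ;;
        *)                      echo "auth.warning" ;;
    esac
}

# Run the check and log one line. Discarding stdout only silences cron
# mail; it does not touch the report file Tripwire saves on its own.
run_check() {
    /usr/sbin/tripwire -m c >/dev/null 2>&1
    rc=$?
    logger -t tripwire-cron -p "$(status_priority "$rc")" \
        "integrity check: $(describe_status "$rc") (exit $rc)"
    return "$rc"
}

# Only scan when asked to, e.g. from root's crontab (hypothetical path):
#   55 03 * * * /usr/local/sbin/tripwire-cron.sh run
if [ "${1:-}" = "run" ]; then
    run_check
fi
```

A missing or broken tripwire binary is logged at auth.err rather than silently producing no report, which is the failure a bare cron entry hides.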

More Tripwire usage options

To limit the scan to a specific key directory, pass its path to the check command:

sudo tripwire --check /tmp


Now you know how to use Tripwire on Linux and especially on Debian. Thanks for reading.

I am Angelo. A systems engineer passionate about Linux and all open-source software. Although here I'm just another member of the family.

