18.5. Tripwire in Interactive Checking Mode

In Interactive Checking Mode, Tripwire checks for files or directories that have been added, deleted, or changed relative to the original database and asks the user whether each database entry should be updated. This mode is the most convenient way of keeping your database up to date, but it requires that the user be at the console. If you intend to use this mode, follow the simple steps below.

  1. Tripwire must have a database to compare against, so we first create the file information database. This action creates a file called tw.db_[hostname] in the directory you specified to hold your databases, where [hostname] is replaced with your machine's hostname. To create the file information database for Tripwire, use the command:

    
        [root@deep] /# cd /var/spool/tripwire/
        [root@deep] /tripwire# /usr/sbin/tripwire --initialize

    We move to the directory we specified to hold our database, and then we create the file information database, which is used for all subsequent Integrity Checking.

  2. Once the file information database has been created, we can run Tripwire in Interactive Checking Mode. For each changed entry on the system, this mode asks the user whether the database should be updated to reflect the current state of the file. To run in Interactive Checking Mode, use the command:

    
        [root@deep] /# cd /var/spool/tripwire/database/
        [root@deep] /database# cp tw.db_myserverhostname /var/spool/tripwire/
        [root@deep] /database# cd ..
        [root@deep] /tripwire# /usr/sbin/tripwire --interactive

        Tripwire(tm) ASR (Academic Source Release) 1.3.1
        File Integrity Assessment Software
        (c) 1992, Purdue Research Foundation, (c) 1997, 1999 Tripwire
        Security Systems, Inc. All Rights Reserved. Use Restricted to
        Authorized Licensees.
        ### Phase 1:          Reading configuration file
        ### Phase 2:          Generating file list
        ### Phase 3:          Creating file information database
        ### Phase 4:          Searching for inconsistencies
        ###
        ###                   Total files scanned:    15722
        ###                   Files added:            34
        ###                   Files deleted:          42
        ###                   Files changed:          321
        ###
        ###                   Total file violations:  397
        ### added:   -rwx------ root        22706 Dec 31 06:25:02 1999 /root/tmp/firewall
        ---> File: '/root/tmp/firewall'
        ---> Update entry?  [YN(y)nh?]


Note: In interactive mode, Tripwire first reports all added, deleted, and changed files, then allows the user to update the entry in the database.
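
The report-then-prompt flow described in the note above can be modelled as follows. This Python code is an added example, not Tripwire's code and not part of the original text; the function names (`snapshot`, `compare`, `interactive_update`), the use of SHA-256, and the simplified y/n prompt are assumptions made for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (mode, size, sha256 digest)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[path] = (st.st_mode, st.st_size, digest)
    return db

def compare(baseline, current):
    """Return violations as (kind, path) pairs, sorted by path."""
    added = [("added", p) for p in current.keys() - baseline.keys()]
    deleted = [("deleted", p) for p in baseline.keys() - current.keys()]
    changed = [("changed", p) for p in baseline.keys() & current.keys()
               if baseline[p] != current[p]]
    return sorted(added + deleted + changed, key=lambda v: v[1])

def interactive_update(baseline, current, ask=input):
    """Report every violation first, then prompt per entry.
    Only an explicit 'y' changes the baseline; returns what was not accepted."""
    violations = compare(baseline, current)
    for kind, path in violations:
        print(f"### {kind}: {path}")
    pending = []
    for kind, path in violations:
        answer = ask(f"---> File: '{path}'\n---> Update entry?  [y/n] ")
        if answer.strip().lower() != "y":
            pending.append((kind, path))    # stays a violation on the next run
        elif kind == "deleted":
            del baseline[path]              # accept the removal
        else:
            baseline[path] = current[path]  # accept the new or changed state
    return pending

if __name__ == "__main__":
    root = tempfile.mkdtemp()               # constructed sample tree
    baseline = snapshot(root)               # plays the role of the initialize step
    with open(os.path.join(root, "firewall"), "w") as fh:
        fh.write("#!/bin/sh\n")             # a file added after the baseline
    left = interactive_update(baseline, snapshot(root), ask=lambda _: "n")
    print("unaccepted violations:", left)
```

Answering "n" leaves the entry out of the baseline, so the same file is reported again on the next check; that is the behaviour you want for any change you cannot account for.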