Use cron. For example, to perform an integrity check every day at 3:00 a.m.:
root's crontab file:
0 3 * * * /usr/sbin/tripwire --check
This is not a production-quality recipe. An intruder could compromise cron, substituting another job or simply preventing yours from running. For more reliability, run the cron job on a trusted remote machine:
Remote crontab entry on trusty:
0 3 * * * ssh -n -l root trippy /usr/sbin/tripwire --check
but if an intruder compromises sshd on trippy, you’re again out of luck. Likewise, some rootkits [Recipe 9.12] can subvert the exec call to tripwire even if invoked remotely. For maximum security, run not only the cron job but also the integrity check on a trusted remote machine. [Recipe 1.8]
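The remote cron job above, wrapped so that a check that never ran is reported as loudly as a violation (an added example, not from the book). It assumes the exit-status bitmask documented in tripwire(8) and ssh's exit status 255 on connection failure; the script name tripwire-remote.sh and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for the cron job on trusty (hostnames from the recipe).
# Assumption: tripwire --check exits with a bitmask as described in tripwire(8):
#   1 = files added, 2 = files removed, 4 = files modified, 8 = errors.
# ssh itself exits 255 when it cannot connect or authenticate; otherwise it
# passes through the exit status of the remote command.

# Map an exit status from "ssh ... tripwire --check" to a one-line verdict.
classify_status() {
    status=$1
    case "$status" in
        0)   echo "OK: no violations"; return 0 ;;
        255) echo "ALERT: ssh failed, check did not run"; return 0 ;;
    esac
    # Anything outside the 4-bit mask (e.g. 126/127 from the remote shell)
    # means tripwire itself probably never executed.
    if [ "$status" -gt 15 ]; then
        echo "ALERT: unexpected exit status $status, check may not have run"
        return 0
    fi
    msg=""
    if [ $((status & 1)) -ne 0 ]; then msg="$msg added"; fi
    if [ $((status & 2)) -ne 0 ]; then msg="$msg removed"; fi
    if [ $((status & 4)) -ne 0 ]; then msg="$msg modified"; fi
    if [ $((status & 8)) -ne 0 ]; then msg="$msg error"; fi
    echo "ALERT: tripwire reported:$msg"
}

# Crontab entry on trusty (hypothetical path):
#   0 3 * * * /usr/local/sbin/tripwire-remote.sh --run
# The verdict line is always printed, so cron mails something every day;
# a day with no mail at all is itself worth investigating.
if [ "${1:-}" = "--run" ]; then
    rc=0
    out=$(ssh -n -l root trippy /usr/sbin/tripwire --check 2>&1) || rc=$?
    verdict=$(classify_status "$rc")
    echo "$verdict"
    case "$verdict" in
        ALERT*) printf '%s\n' "$out"; exit 1 ;;
    esac
fi
```

The wrapper only narrows the gap the recipe describes: it still trusts sshd and the tripwire binary on trippy, so it does not replace running the check itself on a trusted machine.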
Red Hat Linux comes preconfigured to run tripwire every night via the cron job /etc/cron.daily/tripwire-check. However, a Tripwire database is not supplied with the operating system: you must initialize one yourself. [Recipe 1.1] If you don’t, cron will send daily email to root about a failed tripwire invocation.