Using Tripwire to detect modified files

This recipe shows you how to set up Tripwire, an auditing tool for detecting changes made to files on your system. Most often, Tripwire is positioned as an intrusion detection system because the unexpected modification of important configuration files is usually a sign of intrusion or malicious activity. Being able to monitor for such changes gives you the ability to detect and put a stop to malicious activity in a timely manner should it occur.

Getting ready

This recipe requires a CentOS system with a working network connection. The tripwire package is found in the EPEL repository, so the repository must be registered as discussed in Chapter 4, Software Installation Management. Administrative privileges are ...
