First we have to install Tripwire.
In my case (SLE 12 SP2, using the openSUSE security repository):
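# Add the openSUSE "security" repository over HTTPS rather than plain HTTP.
zypper addrepo https://download.opensuse.org/repositories/security/SLE_12_SP2/security.repo
# On the first refresh zypper asks whether to trust the repository signing key;
# check the fingerprint before accepting it.
zypper refresh
zypper install tripwire
# The site key signs the configuration and policy files, so it has to exist
# before --create-cfgfile is run. Skip this line if the package already
# created /etc/tripwire/site.key.
twadmin --generate-keys --site-keyfile /etc/tripwire/site.key
# The local key signs this host's database and reports. Give it a passphrase
# different from the site key's.
twadmin --generate-keys --local-keyfile "/etc/tripwire/${HOSTNAME}-local.key"
# Sign the plain-text configuration with the site key.
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt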
In /etc:
# NOTE(review): these are plain-text copies, not the signed files that
# twadmin --create-cfgfile / --create-polfile write. The other commands on
# this page use /etc/tripwire/, not /etc - confirm this step is needed on your build.
cp twcfg.txt tw.cfg
# NOTE(review): "te.pol" looks like a typo for "tw.pol" - confirm.
cp twpol.txt te.pol
Create twpol.txt if it does not exist:
# Begin twpol.txt
# Minimal policy: Tripwire's own data, a presence-only check of / and /home,
# and a near-complete property check of the main system directories.
# Every rule block is reported with severity 100.

# Tripwire's own database and report directory.
(
rulename = "Tripwire Data Files",
severity = 100
)
{
# $(Dynamic) is the predefined mask for objects whose contents change;
# -i additionally stops comparing the inode number.
/var/lib/tripwire -> $(Dynamic) -i ;
# recurse=0: check the report directory itself, not the individual reports in it.
/var/lib/tripwire/report -> $(Dynamic) (recurse=0) ;
}
# $(IgnoreAll) records only whether an object exists; recurse=1 limits the
# scan to the directory and its direct children.
# NOTE(review): any top-level directory not listed under "System Directories"
# (e.g. /var, /srv, or /lib64 on 64-bit installs) gets only this existence
# check - confirm that is intended.
(
rulename = "Root & Home",
severity = 100
)
{
/ -> $(IgnoreAll) (recurse=1) ;
/home -> $(IgnoreAll) (recurse=1) ;
}
# $(IgnoreNone) turns on every property; -SHa then switches off the SHA and
# HAVAL hashes and the access time.
# NOTE(review): with S and H removed, file contents are verified with CRC-32
# and MD5 only. Keeping S (e.g. $(IgnoreNone)-Ha) gives a stronger content
# check at the cost of longer scans.
(
rulename = "System Directories",
severity = 100
)
{
/bin -> $(IgnoreNone)-SHa ;
/boot -> $(IgnoreNone)-SHa ;
/etc -> $(IgnoreNone)-SHa ;
/lib -> $(IgnoreNone)-SHa ;
/opt -> $(IgnoreNone)-SHa ;
/root -> $(IgnoreNone)-SHa ;
/sbin -> $(IgnoreNone)-SHa ;
/usr -> $(IgnoreNone)-SHa ;
}
# End twpol.txt
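# Sign the policy with the site key. The key is given by absolute path, the
# same way as for --create-cfgfile, so the command works from any directory.
twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt
# Once the signed policy exists, the clear-text twpol.txt does not need to stay
# on the host; keep a copy somewhere else for later edits.
# Build the baseline database. Run this only on a system you trust to be clean:
# whatever is on disk at this point becomes the "known good" state.
tripwire --init
# Compare the file system against the baseline and write a report.
tripwire --check
# Same check, then open the report in an editor so changes can be accepted
# into the database. Accept only the changes you can account for.
tripwire --check --interactive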
References: