Tripwire Policy

So, I got sick of the default policy that came with Red Hat and Fedora tripwire packages. A policy that attempts to define and categorize every file that could possibly be installed from the distribution media seems to me to be a little security unconscious. Rather than hunt through the policy file by hand, removing the file definitions that are causing errors (simply because the target file is not installed), I decided to define a set of directories (/bin, /etc, /lib, /usr) and then add any exceptions that I encountered.

Here is a link to the following tripwire policy. You will probably end up placing it in /etc/tripwire. Edit the file and fix “HOSTNAME=localhost;” at line 74 with your hostname (uname -n), and run “/usr/sbin/tripwire -m p /etc/tripwire/twpol.txt”. You may need the “-Z low” flag, too. There is also a version for EL4, EL5, and FC12 (x86_64)/FC12 (powerpc).
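The directory-plus-exceptions layout described above, as an added sketch that is not the linked policy: the rule names, severities and the specific exception paths are assumptions chosen for illustration, and the sketch uses only Tripwire's predefined property-mask variables and stop-point syntax.

```conf
# Constructed example policy fragment (twpol.txt syntax); not the author's file.
@@section GLOBAL
HOSTNAME=localhost;          # replace with the output of `uname -n`

@@section FS

# Whole directories are watched recursively, so nothing has to be listed
# file by file and no rule points at a package that is not installed.
(
  rulename = "System binaries and libraries",
  severity = 100
)
{
  /bin  -> $(ReadOnly);
  /lib  -> $(ReadOnly);
  /usr  -> $(ReadOnly);

  # Exception (assumed): a subtree under /usr that changes in normal use
  # is excluded with a stop point instead of being reported on every check.
  !/usr/tmp;
}

(
  rulename = "Configuration",
  severity = 66
)
{
  /etc -> $(ReadOnly);

  # Exceptions (assumed): files under /etc that the system rewrites itself.
  # A more specific rule overrides the directory rule with a looser mask...
  /etc/resolv.conf -> $(Dynamic);
  /etc/adjtime     -> $(Dynamic);

  # ...and a stop point drops a path from the scan entirely.
  !/etc/mtab;
}
```

Each stop point is a path an intruder can modify without being reported, so prefer a looser mask such as $(Dynamic) over "!" wherever the file's ownership and permissions should still be watched.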