
filesystems:iwatch_install

Installing and configuring IWatch

  • apt-get install iwatch
  • /etc/iwatch/iwatch.xml:
<?xml version="1.0" ?>
<!DOCTYPE config SYSTEM "/etc/iwatch/iwatch.dtd" >
<!--
  iwatch configuration: inotify-based monitoring of system directories.
  The DOCTYPE points at the DTD file on the local filesystem at
  /etc/iwatch/iwatch.dtd. Attribute meanings described below follow the
  iwatch documentation; confirm them against the installed version.
-->

<config>
  <!-- guard: sender identity (From address and display name) used on alert mails. -->
  <guard email="IWatch@host.domain.tld" name="IWatch - host.domain.tld"/>
  <watchlist>
    <title>Operating System</title>
    <!-- contactpoint: recipient of the alert mails for this watchlist. -->
    <contactpoint email="user@domain.tld" name="Administrator"/>
    <!--
      type="single" watches only the named directory, not its subdirectories.
      syslog="on" additionally writes each event to syslog, which gives a second
      record if mail delivery fails or the mailbox is tampered with.
    -->
    <path type="single" syslog="on">/bin</path>
    <path type="single" syslog="on">/sbin</path>
    <path type="single" syslog="on">/usr/bin</path>
    <path type="single" syslog="on">/usr/sbin</path>
    <!--
      type="recursive" watches the directory and everything below it. These entries
      carry no syslog attribute, so events here are reported by mail only.
      /etc/iwatch lies inside /etc and is already covered by the recursive /etc
      entry; the explicit line appears redundant.
      Each watched subdirectory consumes one inotify watch; on large trees check
      the fs.inotify.max_user_watches limit.
    -->
    <path type="recursive">/etc</path>
    <path type="recursive">/etc/iwatch</path>
    <path type="recursive">/lib</path>
    <!--
      type="exception" removes a path from the watched set. Changes to these paths
      are NOT reported. NOTE(review): the hosts.deny entries look like files that an
      automated tool rewrites frequently; confirm that losing change alerts on
      /etc/hosts.deny is an accepted trade-off, since that file controls
      TCP-wrapper access.
    -->
    <path type="exception">/lib/modules</path>
    <path type="exception">/etc/hosts.deny</path>
    <path type="exception">/etc/hosts.deny.purge.tmp</path>
    <path type="exception">/etc/hosts.deny.purge.bak</path>
    <path type="exception">/etc/sv/services/project-open/log</path>
    <!--
      events="modify" limits reporting to modify events; filter is a regular
      expression matched against file names, so these two entries target the
      iwatch, tripwire and twadmin binaries, i.e. the monitoring tools themselves.
      NOTE(review): /usr/bin and /usr/sbin are already declared above with
      syslog="on". Confirm how the installed iwatch treats a repeated path; if the
      later entry replaces the earlier one, only the filtered names would be
      reported for these directories and syslog logging would be lost.
    -->
    <path type="single" events="modify" filter="iwatch">/usr/bin</path>
    <path type="single" events="modify" filter="tripwire|twadmin">/usr/sbin</path>
  </watchlist>
</config>
  • enable iwatch in /etc/default/iwatch
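  • start iwatch and tweak as needed; for example, change a file under a watched path and confirm that the expected alert mail and syslog entry arrive.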
filesystems/iwatch_install.txt · Last modified: 2020/02/24 11:16 (external edit)