Installing and configuring IWatch

  • apt-get install iwatch
  • /etc/iwatch/iwatch.xml:
<?xml version="1.0" ?>
<!-- The DTD is referenced by an absolute local path, so validation depends on
     /etc/iwatch/iwatch.dtd being present and unmodified on this host. -->
<!DOCTYPE config SYSTEM "/etc/iwatch/iwatch.dtd" >

<!-- iwatch configuration with one watchlist ("Operating System") covering the
     system binary directories, /etc and /lib. -->
<config>
  <!-- guard: address and display name identifying this iwatch instance;
       presumably used as the sender of alert mail (confirm against the iwatch docs).
       Replace the host.domain.tld placeholders. -->
  <guard email="IWatch@host.domain.tld" name="IWatch - host.domain.tld"/>
  <watchlist>
    <title>Operating System</title>
    <!-- contactpoint: the person responsible for this watchlist; replace the
         placeholder address with a monitored mailbox. -->
    <contactpoint email="user@domain.tld" name="Administrator"/>
    <!-- Binary directories: type="single" watches only the directory itself
         (no descent into subdirectories); syslog="on" sends events to syslog. -->
    <path type="single" syslog="on">/bin</path>
    <path type="single" syslog="on">/sbin</path>
    <path type="single" syslog="on">/usr/bin</path>
    <path type="single" syslog="on">/usr/sbin</path>
    <!-- Recursive watches. /etc/iwatch lies under /etc, so the second entry
         overlaps the first.
         NOTE(review): these entries set neither syslog nor alert. Check the
         attribute defaults in iwatch.dtd to confirm that events under /etc
         and /lib are actually reported somewhere. -->
    <path type="recursive">/etc</path>
    <path type="recursive">/etc/iwatch</path>
    <path type="recursive">/lib</path>
    <!-- Exceptions: paths carved out of the recursive watches above. Each one
         is a monitoring blind spot, so keep the list as short as possible.
         The hosts.deny entries are access-control files; presumably they are
         excluded because they are rewritten often (verify, and make sure
         changes to them are audited by some other means). -->
    <path type="exception">/lib/modules</path>
    <path type="exception">/etc/hosts.deny</path>
    <path type="exception">/etc/hosts.deny.purge.tmp</path>
    <path type="exception">/etc/hosts.deny.purge.bak</path>
    <path type="exception">/etc/sv/services/project-open/log</path>
    <!-- Second entries for /usr/bin and /usr/sbin, limited to modify events
         and carrying a filename regex in "filter".
         NOTE(review): confirm in the installed iwatch version whether filter
         selects or suppresses matching names. If it suppresses them, changes
         to the iwatch, tripwire and twadmin binaries themselves would go
         unreported. Also confirm how iwatch handles a directory that is
         listed twice with different attributes. -->
    <path type="single" events="modify" filter="iwatch">/usr/bin</path>
    <path type="single" events="modify" filter="tripwire|twadmin">/usr/sbin</path>
  </watchlist>
</config>
  • enable iwatch in /etc/default/iwatch
  • start iwatch and tweak as needed.