Author Topic: Installing TripWire | Open Source IDS system  (Read 8672 times)

Romio

Installing TripWire | Open Source IDS system
« on: August 01, 2007, 12:49:24 PM »
Tripwire is an alternative IDS system.

Download Link - http://sourceforge.net/project/showfiles.php?group_id=3130

First untar the source files to /usr/local/src

then

cd /usr/local/src
bzip2 -d tripwire-2.4.0.1-src.tar.bz2
tar xvf tripwire-2.4.0.1-src.tar   # x extracts the archive; c would try to (re)create it

cd tripwire-2.4.0.1
mkdir install
cp -p -v -R contrib/* install

./configure --prefix=/usr/local/tw --enable-shared
make
make install

Then the software will be installed in /usr/local/tw

Now we need to configure tripwire

cd /usr/local/tw

ls


[root@test tw]# ls -laht
total 32K
drwxr-xr-x 2 root root 4.0K Sep 1 09:39 sbin
drwxr-x--- 2 root root 4.0K Sep 1 09:38 etc
drwxr-xr-x 7 root root 4.0K Sep 1 09:37 .
drwxr-xr-x 3 root root 4.0K Sep 1 09:37 doc
drwxr-xr-x 3 root root 4.0K Sep 1 09:37 lib
drwxr-xr-x 16 root root 4.0K Sep 1 09:19 ..
drwxr-xr-x 5 root root 4.0K Sep 1 09:19 man
[root@test tw]#

Now we create the initial database...

cd /usr/local/tw/sbin

./tripwire --init

Then  :o :o :o

[root@test tw]# ./tripwire --check
-bash: ./tripwire: No such file or directory
[root@test tw]# cd sbin/
[root@test sbin]# ./tripwire --check
Parsing policy file: /usr/local/tw/etc/tw.pol
*** Processing Unix File System ***
Performing integrity check...
The object: "/data" is on a different file system...ignoring.
The object: "/old" is on a different file system...ignoring.
The object: "/sys" is on a different file system...ignoring.
### Warning: File system error.
### Filename: /usr/local/doc
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /usr/local/sysinfo
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /etc/mail/statistics
### No such file or directory
### Continuing...
The object: "/var/lib/nfs/rpc_pipefs" is on a different file system...ignoring.
### Warning: File system error.
### Filename: /var/lib/rpm/__db.001
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /var/lib/rpm/__db.002
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /var/lib/rpm/__db.003
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /var/lost+found
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /cdrom
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /floppy
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /home/oldhome.tgz
### Value too large for defined data type
### Continuing...
### Warning: File system error.
### Filename: /home/lost+found
### No such file or directory
### Continuing...
Wrote report file: /usr/local/tw/lib/tripwire/report/bull.openguys.org20060901-102359.twr


Tripwire(R) 2.4.0 Integrity Check Report

Report generated by: root
Report created on: Fri 01 Jun 2007 10:23:59 AM GMT
Database last updated on: Never

===============================================================================
Report Summary:
===============================================================================

Host name: test.openguys.org
Host IP address: 147.120.203.3
Host ID: None
Policy file used: /usr/local/tw/etc/tw.pol
Configuration file used: /usr/local/tw/etc/tw.cfg
Database file used: /usr/local/tw/lib/tripwire/test.openguys.org.twd
Command line used: ./tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
* Tripwire Data Files 0 1 0 0
* Monitor Filesystems 0 0 0 4
* User Binaries and Libraries 0 0 0 1
Tripwire Binaries 0 0 0 0
OS Binaries and Libraries 0 0 0 0
Temporary Directories 0 0 0 0
Global Configuration Files 0 0 0 0
System Boot Changes 0 0 0 0
RPM Checksum Files 0 0 0 0
OS Devices and Misc Directories 0 0 0 0
OS Boot Files and Mount Points 0 0 0 0
Root Directory and Files 0 0 0 0

Total objects scanned: 238934
Total violations found: 6

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: User Binaries and Libraries (/usr/local)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"/usr/local/tw/sbin"

-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/usr/local/tw/lib/tripwire)
Severity Level: 0
-------------------------------------------------------------------------------

Added:
"/usr/local/tw/lib/tripwire/test.openguys.org.twd"

-------------------------------------------------------------------------------

Rule Name: Monitor Filesystems (/var)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"/var/lib/mrtg/mrtg.ok"
"/var/lock/mrtg"
"/var/spool/postfix/public/pickup"
"/var/spool/postfix/public/qmgr"

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------


1. File system error.
Filename: /usr/local/doc
No such file or directory
2. File system error.
Filename: /usr/local/sysinfo
No such file or directory
3. File system error.
Filename: /etc/mail/statistics
No such file or directory
4. File system error.
Filename: /var/lib/rpm/__db.001
No such file or directory
5. File system error.
Filename: /var/lib/rpm/__db.002
No such file or directory
6. File system error.
Filename: /var/lib/rpm/__db.003
No such file or directory
7. File system error.
Filename: /var/lost+found
No such file or directory
8. File system error.
Filename: /cdrom
No such file or directory
9. File system error.
Filename: /floppy
No such file or directory
10. File system error.
Filename: /home/oldhome.tgz
Value too large for defined data type
11. File system error.
Filename: /home/lost+found
No such file or directory

-------------------------------------------------------------------------------
*** End of report ***

Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
 
« Last Edit: August 02, 2007, 08:38:55 PM by Open Your Hands »
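The --init and --check steps above boil down to a baseline database of file hashes and a later comparison that classifies each difference as Added, Removed or Modified, exactly the columns in the report's Rule Summary. The following shell script is an added example, not code from the forum post or from the Tripwire project; it implements that cycle with SHA-256 so the mechanism can be tried on a throwaway directory. The function names (hash_file, baseline_snapshot, baseline_init, baseline_check, baseline_report, demo) are hypothetical, and it assumes a POSIX shell, find, awk, sort and either sha256sum or shasum. Like the "is on a different file system...ignoring" lines in the post, it stays on the starting filesystem (find -xdev).

```shell
#!/bin/sh
# Added example, not code from the forum post or from the Tripwire project:
# a minimal file-integrity baseline in the spirit of "tripwire --init" and
# "tripwire --check". Function names are hypothetical. Assumes a POSIX
# shell, find, awk, sort and either sha256sum or shasum.

# SHA-256 of one file, printed as 64 hex characters.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# One "<hash> <path>" line per regular file under $1, sorted by path.
# -xdev keeps find on the starting filesystem, which is what Tripwire's
# "is on a different file system...ignoring" lines in the post refer to.
baseline_snapshot() {
    find "$1" -xdev -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done
}

# --init equivalent: write the baseline database for tree $1 to file $2.
baseline_init() {
    baseline_snapshot "$1" > "$2"
}

# --check equivalent: compare tree $1 against database $2 and print one
# "Added:", "Removed:" or "Modified:" line per violation, sorted.
baseline_check() {
    root="$1"; db="$2"
    cur=$(mktemp)
    baseline_snapshot "$root" > "$cur"
    # Compare on FILENAME rather than the NR==FNR idiom, so an empty
    # database (nothing baselined yet) is still handled instead of skipped.
    # Hash is columns 1-64, a space, then the path from column 66 onward,
    # which keeps paths containing spaces intact.
    awk -v dbfile="$db" '
        { h = substr($0, 1, 64); p = substr($0, 66) }
        FILENAME == dbfile { old[p] = h; next }
        { new[p] = h }
        END {
            for (p in new) if (!(p in old)) printf "Added: %s\n", p
            for (p in old) if (!(p in new)) printf "Removed: %s\n", p
            for (p in old) if ((p in new) && old[p] != new[p]) printf "Modified: %s\n", p
        }' "$db" "$cur" | LC_ALL=C sort
    rm -f "$cur"
}

# Check plus a "Total violations found: N" trailer like the report in the post.
baseline_report() {
    out=$(baseline_check "$1" "$2")
    n=0
    if [ -n "$out" ]; then
        n=$(printf '%s\n' "$out" | wc -l | tr -d ' ')
        printf '%s\n' "$out"
    fi
    printf 'Total violations found: %s\n' "$n"
}

# Usage: sh integrity.sh demo
# Builds a constructed throwaway tree, baselines it, changes it (one file
# modified, one removed, one added) and prints the resulting report.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/root/bin"
    printf 'one\n' > "$t/root/bin/a"
    printf 'two\n' > "$t/root/bin/b"
    baseline_init "$t/root" "$t/db"
    printf 'changed\n' > "$t/root/bin/a"
    rm -f "$t/root/bin/b"
    printf 'new\n' > "$t/root/bin/c"
    baseline_report "$t/root" "$t/db"
    rm -rf "$t"
}

case "${1:-}" in demo) demo ;; esac
```

The report in the post shows the database file itself (test.openguys.org.twd) and the sbin directory turning up as violations on the first check, because they were created after the policy was written; the same happens here if the database is stored inside the tree being baselined, which is why the demo keeps "$t/db" outside "$t/root".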

lyly10388

Re: Installing TripWire | Open Source IDS system
« Reply #1 on: October 22, 2010, 02:50:00 AM »

Thank you so much for your post.
