Install tripwire
apt-get update
apt-get install tripwire
Create initial policy
twadmin --create-polfile /etc/tripwire/twpol.txt
Initialise and capture errors in default config
tripwire --init
tripwire --check 2>&1 | grep Filename
Fix errors in default config
Set up files and directories you want to watch
nano /etc/tripwire/twpol.txt
Rebuild policy and re-initialise
twadmin -m P /etc/tripwire/twpol.txt
tripwire --init
Remove plaintext config
rm /etc/tripwire/twpol.txt
Set up crontab for daily check and email report
0 0 * * * tripwire --check | mail -s "Tripwire report for `uname -n`" [email protected]