Is it possible to run Tripwire in a CHROOT? I am not sure exactly how CHROOT runs but would that even work? If you are running in CHROOT then the app only has access to the files in its CHROOT tree? Has anyone attempted this or anything similar? Please let me know.
That sounds pretty useless to me since Tripwire is mainly used to verify changes in files. Why would you want to restrict where this check is made?
Let's say you want to keep track of some important stuff such as your system /etc dir with password files and so forth. Running Tripwire in a chroot() jail will prohibit checking of this dir. Unless you chroot() to /, which is not really chrooting.
That is what I was trying to get answered. SO if I do run Tripwire it will not be in CHROOT. (as opposed to SNORT which I am finding very good info on.) Is anyone running Tripwire on ASL right now?
Not to be nit-picky, but Tripwire is an intrusion detection system. The reason it is a good one is that it checks file integrity (md5 hashes which are stored in a database) and can detect any unauthorized file modifications. Usually Tripwire is used on a host with users on it. Unless you use your ASL to host user accounts with, chances are that installing Tripwire is a bit pretentious. You probably won't have much use for it, other than getting annoyed over legitimate stuff.
If you want to check out Tripwire for the sake of learning, I would do this on a Red Hat system or something like Solaris. You get a much better idea of how to use it that way. But this is just my opinion of course.
